Date of Graduation


Document Type


Degree Name

Doctor of Philosophy in Business Administration (PhD)

Degree Level



Information Systems


Varun Grover

Committee Member

Rajiv Sabherwal

Second Committee Member

Vernon Richardson

Third Committee Member

Amber Young


cybersecurity, data breach, information systems


The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the objective of this dissertation is to better understand the effect of data breaches on the stakeholders of the breached organization and the factors that can inhibit the negative behaviors. This dissertation uses a multi-method investigation to examine two external stakeholders, customers and shareholders, in a data breach aftermath. Essay 1 identifies data breach event and announcement characteristics and examines the impact of these characteristics on the customers’ and shareholders’ behaviors. Essay 2 investigates the effective strategy that the breached organizations can adopt after a data breach incident by examining the impact of various data breach response strategies. It also investigates the effect of response times with respect to data breach notification laws on the stakeholders. Each essay constitutes two studies with appropriate research methods for the two stakeholders under investigation. The dissertation is expected to provide several implications for research and practice.