دانلود رایگان مقاله انگلیسی اعتماد و رفتارهای امنیتی مصرف کننده به دنبال نقض اطلاعات - امرالد 2018

Abstract

Purpose – The purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach. Design/methodology/approach – The study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company. Findings – This study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure. Research limitations/implications – The authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure. Practical implications – Companies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach. Social implications – Companies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility. Originality/value – The confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.

Discussion

We explored the impact of security statement strength (overconfident, underconfident and realistic) and the presence of a security breach on perceptions of companies and intended and actual security behaviors. Our first hypothesis: that companies who have experienced a security breach will be perceived as less trustworthy and spur higher consumer security behavior compared to companies that have not been breached, was partially supported. Specifically, we found that individuals reported more trust in companies when they had never been breached. However, participants did not create more complex passwords or indicate more security engagement in response to known data breaches. This interesting result was contrary to our predictions. Our second hypothesis, which related to the manipulation of the confidence of the security statements, was not supported.

It appears that even contradictory information (i.e. overconfidence þ the presence of a breach) does not seem to motivate participants towards the behavioral intention of a more complex password. Further, there is no evidence that overconfident companies suffer much in the way of detrimental trust effects, as compared to realistic or underconfident companies when they have the presence of a breach. Further, we expected that the confidence projected in a company security statement would influence perceptions of trust and intended user security behavior, and there is some evidence to support our results. Specifically, Belanger et al. (2002) found that trust in a company is more generally determined first by the pleasure features of online use, then by the perceived security features and rarely by security statements themselves. Further, Metzger (2006) found that consumer trust is more strongly influenced by reputation rather than the framing of security assurances. Thus, this study provides further support that company statements are less important than perhaps previously considered when it comes to trusting a company.