Home > Research > Seminars > Content

Seminars

Prof. Carol Ou's Lecture Notice

Publish Date: 2021/06/21 10:31:53    Hits:

 

Title: Does security breach matter? A study on risk assessment and companies’ response strategy

Time:2021.6.23 14:30-16:30

Tencent ID:140 702 133

 

Seminar Speaker: Prof. Carol Ou, Department of Management, Tilburg University, the Netherlands

Bio: Carol Ou is a Professor of Digital Transformation and Information Management. She is currently the Head of Management Department at Tilburg University, the Netherlands. Her research interests include digital transformation, applied business intelligence, computer-mediated communication, social commerce, smart recommendation agents and knowledge management. Her publications have appeared in such journals as MISQ, JAIS, ISJ, JASIST, CACM, DSS, IJIM, I&M, IJHCIS, among others. Carol is serving as a senior editor for Information Systems Journals, Information & Management, as well as IT & People. She chaired many tracks in the major conferences on Information Systems such as ICIS, ECIS and PACIS. She is also a Certified IS Auditor and an Academic Advocate of IS Audit and Control Association. Her website ishttps://research.tilburguniversity.edu/en/persons/carol-ou.

Abstract

We address a long-standing debate in the Information Systems literature on whether there is a relationship among security breach, consumers’ perceived risk and their online re-purchase intention. We shed light onto this debate by investigating the effect of security breach announcements (i.e., denial of service, threat of information and virus attack) and companies’ response strategy. We draw on the risk literature and the protection motivation theory to conceptualize the proposed models. To test the models, we obtained empirical data from two vignette-based surveys. The first set of data demonstrates that security breach announcements have a short-term negative impact on consumers’ perceived risk, which can be mitigated by companies’ reputation. The second set of data suggests companies’ response strategy does matter in handling security breach, but with interesting nuanced details. We discuss the implications of our findings for theory and practice, and delineate an agenda for future research on this topic.