Abstract
Data breach is a serious global security and trust concern. Data breaches have both direct and indirect as well as a short-term and long-term financial implications for the victim organization. One of the significant long-term financial costs is the loss of consumer trust in the organization. It seems that the sheer number and size of data breaches, insider data breaches, in particular, is not about to slow down anytime soon. There is a need to heighten information security to prevent such breaches, and there is a need to deploy trust-building strategies to minimize the trust fallout from such breaches. There is plenty of evidence that consumers use corporate social responsibility (CSR) as a means of differentiating one company from another. In this paper, we examine if CSR strategies such as embracing a social cause (LGBT and nature) could assist in repairing organizational trust in the wake of a data breach.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Data breach is a serious global security and trust concern. According to Breachlevelindex.com (2017), more than 5 million records are lost or stolen every day. The site reports that India had 274 million records lost or stolen since 2003, while the US had 5.8 billion records lost or stolen during the same period. According to Infosecurity-magazine.com insider threats are responsible for 43% of all data breaches (Seals 2015). Data breaches have both direct and indirect as well as a short-term as well as long-term financial implications for the victim organization (Bansal et al. 2015, 2017). One of the significant long-term financial costs is the loss of consumer trust in the organization (Bansal and Zahedi 2015, Target 2015).
It seems that the sheer number and size of data breaches, insider data breaches, in particular, is not about to slow down anytime soon. There is a need to heighten information security to prevent such breaches, and there is a need to deploy trust-building strategies to minimize the trust fallout from such breaches. There is plenty of evidence that consumers use corporate social responsibility (CSR) as a means of differentiating one company from another. For instance, Gupta and Pirsch (2006) cite that around 80% of users trust organizations that back a social cause. However, to date, there has been no systematic examination of the results of perceived CSR activities on trust violation and repair. In this paper, we examine if CSR strategies such as embracing a social cause (LGBT and nature) could assist in repairing organizational trust in the wake of a data breach.
The remainder of this paper is organized as follows: the following section presents the research model and the hypotheses. Research methodology and results are presented next. The paper concludes by discussing the theoretical, practical, and social implications along with future research directions.
2 Theoretical Model
Ellen et al. (2006) grouped CSR efforts into four categories. First, egoistic driven motives – that exploit the cause rather than help it. Second, strategic driven motives – that support the attainment of business goals (e.g., create positive impressions) while supporting the cause. Third, stakeholder-driven motives – that support the cause primarily because of pressure from stakeholders. Last, values-driven motives – that pertain to benevolence-motivated giving. In this paper, we examine the signaling effect of social cause endorsement by a website using images (Zahedi and Bansal 2011). The use of website image in such a way could be argued to be a strategic or stakeholder driven CSR initiative (Ellen et al. 2006).
There is growing evidence that CSR activities help generate returns - in the form of increased purchase intentions as well as higher prices (Bhattacharya et al. 2009; Yoon et al. 2006). Such socially responsible organizations signal that they care for and are interested in healthy and enduring relationships with their stakeholders (Waddock and Smith, 2000). Gupta and Pirsch (2006) stated that “[i]ndividuals who support such companies satisfy their humanitarian desires and thus perceive they are obtaining additional value from their purchases” (p. 325).
Numerous theories have been brought to bear on the subject of CSR. Examples include agency theory, stakeholder theory, stewardship theory, RBV, institutional theory, and theory of the firm (see McWilliams and Siegel 2001). In this research, we examine CSR initiatives from an attribution theory perspective. Attribution theory suggests that if the behavior of the other party is consistent with prior expectations, then the cause of action is attributed internally to him/her. Otherwise, it is attributed to external situations (Jones and Nisbett 1971; Jarvenpaa et al. 2004). Thus, using an attribution theory perspective, we argue that in the case of a data breach and subsequent apology by a website, users would be more forgiving if the website comes across as more benevolent towards its stakeholders (Shankar et al. 2002). We argue that depicting images advocating and embracing a social cause would signal the strategic/stakeholder driven CSR efforts of the website. Such images, in turn, would make the users attribute the breach failure to external situational characteristics (instead of attributing it to the website), and thus dampen the effect of the data breach and enhance the effect of corporate apology. The research model is shown in Fig. 1 and discussed below.
-
Hypothesis 1. The level of initial trust is higher for websites signaling a higher level of social cause endorsements (such as LGBT and nature issues).
-
Hypothesis 2. The level of violated trust in the wake of an insider data breach is higher for websites signaling a higher level of social cause endorsements (such as LGBT and nature issues).
-
Hypothesis 3. The level of repaired trust in the wake of an insider data breach and a subsequent corporate apology is higher for websites signaling a higher level of social cause endorsements (such as LGBT and nature issues).
3 Research Methodology
We created four website home pages each with a different image – as shown in Fig. 2 below. We used Qualtrics to design an experimental survey to collect the data. Respondents were randomly assigned to view a website, and they were asked to answer questions about the website and also asked to provide individual traits and demographics. Figure 3 shows the flow process of the experiment. Respondents were quizzed to make sure that they had sifted through the website (homepage). Data were collected from students and families living in a Midwestern US region. 476 unique respondents completed the survey. Only 394 of the 476 respondents answered a quiz question about the website name correctly. We included only these 396 in our analysis.
We divided our sample into four groups based on the image each group saw on the website: straight, lesbian, gay or nature. Table 1 provides gender and mean age values for these four groups.
We used existing items wherever possible. Privacy concern (PC), trust (ability - ABL, benevolence - BEN, integrity - INT and overall trust), reputation (REP), design (DES), perceived seriousness of the breach news (SERIOUS), and trust propensity (TRPR) items were taken from Bansal and Zahedi (2015). Insider news and apology vignettes were taken from Bansal et al. (2017). Acceptance of LGBT (LGBT) items were adapted from Herek (1988), and perceived corporate citizenship (PCC) items were adapted from Lichtenstein et al. (2004).
We cleaned the data before conducting the analysis. We also performed exploratory factor analysis to identify the items that demonstrate high factor loadings and low cross-loadings. All items except for one reputation item demonstrated high loadings and low cross-loadings. We then averaged the items to generate the respective constructs (Shamir et al. 1998). All analyses were carried out with SPSS v 23.
4 Results
We analyzed the data using ANOVA. We carried out three different ANOVA tests to examine the three hypotheses. Results as shown in Tables 2, 3, and 4, and depicted graphically in Figs. 4, 5 and 6, reveal that H1 and H2 are not supported, H3 is supported at .05 level for overall trust and benevolence based trust, and at .10 level for ability-based trust. H3 is not supported for integrity based trust. We briefly discuss the results below.
Hypothesis 1 - Initial Trust: In the first step we examined whether the initial trust differed across the four website scenarios studied. We controlled for privacy concern, perceived website reputation, perceived website design, trust propensity, perceived corporate citizenship, user gender, and user age. We also controlled for one’s acceptance of the LGBT community. The results showed that H1 is not supported. The p values are all higher than .05 for all trust types (as shown in Table 2). The graphs in Fig. 4 show that mean values for initial trust are slightly higher for the three websites depicting a social cause (LGBT and nature), especially for ability and benevolence based trust. However, the differences are not significant.
Hypothesis 2 - Violated Trust. In the second step, we examined whether the violated trust differed across the four website scenarios studied. We controlled for the perceived seriousness of the breach news along with the variables controlled in H1. We also controlled for the respective initial trust when examining the differences in violated trust. For instance, we controlled for initial integrity based trust when examining integrity based trust violation. The results (Table 3) show that H2 is not supported. The p values are higher than .05 for all trust types. The graphs in Fig. 5 show that mean values for violated trust are slightly lower for the websites depicting social cause endorsements (LGBT and nature) for benevolence based trust, however; the difference is not significant.
Hypothesis 3 - Repaired Trust. In the third and last step, we examined if the repaired trust differed across the four websites studied. In this step, we controlled for mean violated trust along with the control variables used in H2. Results support H3 for overall trust and benevolence trust at .05 level, and ability based trust at .10 level (Overall F test in Table 4). Results (Fig. 6) show that trust regained is higher for websites with “social responsibility” (except for integrity based trust).
Post hoc analysis (also in Table 4) suggests that the lesbian scenario garnered more trust (as compared to the straight scenario) for all four trust types. The analysis also shows that the nature scenario emerged as second best and improved trust for both benevolence based and overall trust. However, the gay scenario improved trust only for benevolence based trust. Thus, benevolence trust was regained across all three (lesbian, gay and nature) website scenarios (as compared to the straight scenario) followed by the overall trust which was regained significantly only for two scenarios (lesbian and nature).
5 Discussion
Even though researchers agree that CSR could provide a differentiation strategy (McWilliams and Kiegel 2001), “there exists little conceptual clarity regarding when, how, and why firms might be able to achieve their strategic goals, such as gaining a competitive advantage, through their CSR actions” (Du et al. 2011, p. 1528). Thus, this research serves two critical theoretical functions: it adds to our understanding of the role of CSR actions in achieving strategic goals, and it also provides additional insight into various strategies that could help mitigate a trust crisis following a data breach.
Prior research suggests that consumers are likely to view attributions of stakeholder and strategic driven motives negatively or unresponsively (Vlachos et al. 2009), as they believe the company is acting to avoid retribution from stakeholders or they suspect that the company is trying to get a strategic benefit in return. In this study, the unresponsiveness showed towards the initial and violated trust (p-value > .05) validates such apprehensions. However, the fact that the CSR initiatives did improve trust rebuilding (T3) shows that strategic and stakeholder driven CSR initiatives might not translate into immediate trust gains, but they do have the potential to supplement trust rebuilding efforts when followed by an apology. The fact that benevolence based trust scored higher than other trust types is consistent with the findings of Hegner et al. (2016) who found in their study using 304 Dutch respondents, that “rebuilding strategy has a more positive effect on benevolence-based than ability-based trust.”
The work has managerial, theoretical, and social implications. The results suggest that managers may need to be aware of perceived CSR as a critical variable in rebuilding trust following a crisis, notably a data breach. Socially, the work shows that society in general, and the sample demographics (Midwestern US), are more accepting of two females raising a child and aptly reward the website with improved repaired trust following a data breach and subsequent corporate apology. Even though the US Supreme Court bars states from banning same-sex marriages, and courts in India recognize third-gender (Crocker 2017), US federal laws have no workplace protection for LGBT employees (Zapulla 2017) and there are minimal protections for transgender individuals in India (Crocker 2017); the results suggest that there might be economic returns to supporting such a cause.
This research shows that the LGBT driven CSR efforts could help in trust rebuilding efforts, especially in the Midwestern US region. However, it is known that CSR issues are country specific (e.g., Maignan and Ralston 2002). A social cause that is worth pursuing in one country might not be a noble goal in another country. For instance, two dozen countries allow same-sex marriages, mostly in Europe and the America (PEW 2017), and at the same time, in 74 countries, same-sex marriages are considered a criminal offense (Fenton 2016). The stakeholder theory of trust (Shankar et al. 2002) suggests that relationships and alliances with one stakeholder (say customers in the US) impacts trust with other stakeholders (say customers in India). In today’s digital age many businesses have a global outreach. Several Indian IT businesses, for instance, drive revenues from western countries where same-sex marriages are now legal. It will be interesting to study the cross-cultural impact of LGBT endorsements and other CSR exercises on trust building/rebuilding by a multinational firm in two different countries in which it operates, one that legalizes the social cause, and the other that does not. Similarly, it would be of interest to examine the cross-cultural efficacy of different CSR social causes and different strategies of embracing them – strategic driven versus value driven for example (Ellen et al. 2006).
References
Bansal, G., Benzshawel, A., Estrada, D.: Insider data breaches and trust violation: the role of privacy concern, age and gender. In: Proceedings of 12th Midwest Association for Information Systems Conference. University of Illinois, Springfield (2017)
Bansal, G., Zahedi, F.M.: Trust violation and repair: the information privacy perspective. Decis. Support Syst. 71, 62–77 (2015)
Bhattacharya, C.B., Korschun, D., Sankar, S.: Strengthening stakeholder-company relationships through mutually beneficial corporate social responsibility initiatives. J. Bus. Eth. 85, 257–272 (2009)
Breachlevelindex.com: Data Breach Statistics (2017). http://breachlevelindex.com/. Accessed 27 July 2016
Crocker, L.: How India Embraces The ‘Third Gender’: Laxmi Narayan Tripathi at ‘Women in The World’, 4 July 2017. http://www.thedailybeast.com/how-india-embraces-the-third-gender-laxmi-narayan-tripathi-at-women-in-the-world. Accessed 26 July 2017
Du, S., Bhattacharya, C.B., Sen, S.: Corporate social responsibility and competitive advantage: overcoming the trust barrier. Manag. Sci. 57(9), 1528–1545 (2011)
Ellen, P.S., Web, D.J., Mohr, L.A.: Building corporate associations: consumer attributions for corporate social responsibility programs. J. Acad. Mark. Sci. 34(2), 147–157 (2006)
Fenton: LGBT relationships are illegal in 74 countries, research finds, 17 May 2016. http://www.independent.co.uk/news/world/gay-lesbian-bisexual-relationships-illegal-in-74-countries-a7033666.html. Accessed 27 July 2017
Gupta, S., Pirsch, J.: The company-cause-customer fit decision in cause-related marketing. J. Consum. Mark. 23(6), 314–326 (2006)
Hegner, S.M., Beldad, A.D., Kraesgenberg, A.: The impact of crisis response strategy, crisis type, and corporate social responsibility on post-crisis consumer trust and purchase intention. Corp. Reput. Rev. 19(4), 357–370 (2016)
Herek, G.M.: Heterosexuals’ attitudes toward lesbians and gay men: correlates and gender differences. Journal Sex Res. 25(4), 451–477 (1988)
Jarvenpaa, S.L., Shaw, T.R., Staples, D.S.: Toward contextualized theories of trust: the role of trust in global virtual teams. Inf. Syst. Res. 15(3), 250–267 (2004)
Jones, E.E., Nisbett, R.E.: The Actor and the Observer: Divergent Perceptions of the Causes of Behavior. General Learning Press, Morristown (1971)
Lichtenstein, D.R., Drumwright, M.E., Braig, B.M.: The effect of corporate social responsibility on customer donations to corporate-supported nonprofits. J. Mark. 68, 16–32 (2004)
Maignan, I., Ralston, D.A.: Corporate social responsibility in Europe and the U.S.: insights from businesses’ self - presentations. J. Int. Bus. Stud. 33, 497–514 (2002)
McWilliams, A., Siegel, D.: Corporate social responsibility: a theory of the firm perspective. Acad. Manag. Rev. 26(1), 117–127 (2001)
PEW Research Center: Gay Marriage Around the World, 30 June 2017. http://www.pewforum.org/2017/06/30/gay-marriage-around-the-world-2013/. Accessed 27 July 2017
Seals, T.: Insider Threats Responsible for 43% of Data Breaches, 25 September 2015. https://www.infosecurity-magazine.com/news/insider-threats-reponsible-for-43/. Accessed 27 July 2016
Shamir, B., Zakay, E., Breinin, E., Popper, M.: Correlates of charismatic leader behavior in military units: subordinates’ attitudes, unit characteristics, and superiors’ appraisals of leader performance. Acad. Manag. J. 41(4), 387–409 (1998)
Shankar, V., Urban, G.L., Sultan, F.: Online trust: a stakeholder perspective, concepts, implications, and future directions. J. Strateg. Inf. Syst. 11, 325–344 (2002)
Target: 2015 Annual Report (2015). https://corporate.target.com/_media/TargetCorp/annualreports/2015/pdfs/Target-2015-Annual-Report.pdf. Accessed 27 July 2017
Vlachos, P.A., Tsamakos, A., Vrechopoulos, A.P., Avramidis, P.K.: Corporate social responsibility: attributions, loyalty, and the mediating role of trust. Acad. Mark. Sci. J. 37(2), 170–180 (2009)
Waddock, S., Smith, N.: Relationships: the real challenge of corporate global citizenship. Bus. Soc. Rev. 105(1), 47–62 (2000)
Yoon, Y., Gurhan-Canli, Z., Schwarz, N.: The effect of corporate social responsibility (CSR) activities on companies with bad reputations. J. Consum. Psychol. 16(4), 377–390 (2006)
Zahedi, F.M., Bansal, G.: Cultural signifiers of web site images. J. Manag. Inf. Syst. 28(1), 147–200 (2011)
Zappulla, A.: The simple reason why so many businesses support LGBT rights, 14 January 2017. https://www.weforum.org/agenda/2017/01/why-so-many-businesses-support-lgbt-rights/. Accessed 26 July 2017
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Bansal, G. (2018). Data Breaches and Trust Rebuilding: Moderating Impact of Signaling of Corporate Social Responsibility. In: Nah, FH., Xiao, B. (eds) HCI in Business, Government, and Organizations. HCIBGO 2018. Lecture Notes in Computer Science(), vol 10923. Springer, Cham. https://doi.org/10.1007/978-3-319-91716-0_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-91716-0_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91715-3
Online ISBN: 978-3-319-91716-0
eBook Packages: Computer ScienceComputer Science (R0)