Data Breach Crisis The impact of crisis type, pre-crisis reputation, and crisis response strategy on perception on organizations

Due to the rise of the Internet, the automatic collection of information of online users and transformation into extensive data collections keeps on expanding. The threat for online users is that these data gathering practices of organizations could result in the occurrence of a data breach crisis. For organizations situated in a data breach crisis, it is challenging to manage stakeholders' perceptions and engagement in secondary crisis communications. The issue of data breach crisis is a relatively new topic, which makes it relevant to explore this with an audience-centered focus since little research has been done on this context. This study was conducted using three data breach crisis types (intentional and internal crisis vs. unintentional and internal crisis vs. intentional and external crisis), two crisis response strategies (denial vs. no response) and a different pre-crisis reputation (high vs. low). These factors, in combination with two stakeholder emotions, namely anger and sympathy, and individual privacy concerns, were connected to the perception on organizations. Also, emotion and individual privacy concerns were connected to secondary crisis communication. In this way, the results of this study provide a broad understanding of which factors are essential for organizations to keep in mind to control stakeholders’ perceptions and the resulting secondary crisis communications. The following research questions were conducted: “How do crisis type (intentional and internal vs. unintentional and internal vs. intentional and external), crisis response strategy (denial vs. no response) and pre-crisis reputation (high vs. low) affect the perception on organizations after a data breach crisis?” and “What are the roles of emotion and individual privacy concerns on the perception on organizations and secondary crisis communication?”. An experiment design was developed by using the online tool ‘Qualtrics’ to answer the research questions. The online experiment was implemented by using a 3 X 2 X 2 factorial between-subject design for a total of twelve conditions. A convenience sampling method was distributed by using the online tool ‘Amazon Mechanical Turk’. After cleaning the data, 563 participants were included in the final dataset. The results showed a significant impact of the difference of an intentional and internal data breach crisis and an intentional and external data breach crisis, the difference between high and low pre-crisis reputation, and intensity of emotion on the perception on organizations. Also, the intensity of emotion and individual privacy concerns had a significant impact on secondary crisis communication. When an organization has to deal with managing a data breach crisis, the results indicate that the most important aspects to keep in mind are the internal or external occurrence of the crisis, the reputation of the organization before the crisis, stakeholders’ emotions towards the organization, and individual privacy concerns. More extensive research on this field is required for both marketers and scholars to develop a deeper understanding of the impact of data breach crisis on stakeholders.