What to do after a data breach? Examining apology and compensation as response strategies for health service providers

Innovative IT-enabled health services promise tremendous benefits for customers and service providers alike. Simultaneously, health services by nature process sensitive customer information, and data breaches have become an everyday phenomenon. The challenge that health service providers face is to find effective recovery strategies after data breaches to retain customer trust and loyalty. We theorize and investigate how two widely applied recovery actions (namely apology and compensation) affect customer reactions after a data breach in the specific context of fitness trackers. Drawing on expectation confirmation theory, we argue that the recovery actions derived from practice, apology, and compensation address the assimilation-contrast model’s tolerance range and, thus, always lead to satisfaction with the recovery strategy, which positively influences customers’ behavior. We employ an experimental investigation and collect data from fitness tracker users during a running event. In the end, we found substantial support for our research model. Health service providers should determine specific customer expectations and align their data breach recovery strategies accordingly.

Data breach recovery areas: an exploration of organization's recovery strategies for surviving data breaches

PurposeData breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.Design/methodology/approachStakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.FindingsInsights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.Originality/valueThese areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.

Three Essays on Corporate Financial Constraints

<p><b>This thesis is composed of three self-contained empirical essays in corporate finance, with the first two exploring the financial policy and credit risk implications of data breaches, and the third examining whether financing influences the sensitivity of cash and investment to asset tangibility. In the first essay, we contribute to the growing debate on cybersecurity risks and how firms can insulate themselves, at least partially, from the adverse effects of data breach risks. Specifically, we examine the effects of data breach disclosure laws and the subsequent disclosure of data breaches on the cash policies of corporations in the United States (U.S.). Exploiting a series of natural experiments regarding staggered state-level data breach disclosure laws, we find that the passage of mandatory disclosure laws leads to an increase in cash holdings. Our finding suggests that mandatory data breach disclosure laws increase the ex ante risks related to data breaches, hence, firms hold on to more cash as a precautionary motive. Further, we find firms that suffer data breaches adjust their financial policies by holding more cash as well as decreasing external finance and investment.</b></p> <p>The second essay examines the impact of data breaches on firm credit risk. Using firm-level credit ratings and credit default swap (CDS) spreads to proxy for credit risk, we find that data breaches lead to increases in firm credit risk. Firms exposed to data breaches are more likely to experience credit rating downgrades and an increase in the CDS spread of traded bonds. Also, firms who suffer data breaches report lower sales and ROA, experience an increase in financial distress, and conditional on a data breach incident, the likelihood of a future data breach increases. Lastly, these effects are magnified for firms with low-interest coverage ratios.</p> <p>In the third essay, using the financial deregulation of seasoned equity issuance in the U.S. as an exogenous shock to access to equity markets, I investigate the influence of financing on the sensitivity of cash and investment to asset tangibility. I show that financing dampens the sensitivity of cash and investment to asset tangibility and promotes investment and firm growth. This provides evidence that public firms even in well-developed financial markets such as the U.S., benefit from financial deregulation that removes barriers to external equity financing, shedding light on the role of financial markets in fostering growth.</p>

Three Essays on Corporate Financial Constraints

<p><b>This thesis is composed of three self-contained empirical essays in corporate finance, with the first two exploring the financial policy and credit risk implications of data breaches, and the third examining whether financing influences the sensitivity of cash and investment to asset tangibility. In the first essay, we contribute to the growing debate on cybersecurity risks and how firms can insulate themselves, at least partially, from the adverse effects of data breach risks. Specifically, we examine the effects of data breach disclosure laws and the subsequent disclosure of data breaches on the cash policies of corporations in the United States (U.S.). Exploiting a series of natural experiments regarding staggered state-level data breach disclosure laws, we find that the passage of mandatory disclosure laws leads to an increase in cash holdings. Our finding suggests that mandatory data breach disclosure laws increase the ex ante risks related to data breaches, hence, firms hold on to more cash as a precautionary motive. Further, we find firms that suffer data breaches adjust their financial policies by holding more cash as well as decreasing external finance and investment.</b></p> <p>The second essay examines the impact of data breaches on firm credit risk. Using firm-level credit ratings and credit default swap (CDS) spreads to proxy for credit risk, we find that data breaches lead to increases in firm credit risk. Firms exposed to data breaches are more likely to experience credit rating downgrades and an increase in the CDS spread of traded bonds. Also, firms who suffer data breaches report lower sales and ROA, experience an increase in financial distress, and conditional on a data breach incident, the likelihood of a future data breach increases. Lastly, these effects are magnified for firms with low-interest coverage ratios.</p> <p>In the third essay, using the financial deregulation of seasoned equity issuance in the U.S. as an exogenous shock to access to equity markets, I investigate the influence of financing on the sensitivity of cash and investment to asset tangibility. I show that financing dampens the sensitivity of cash and investment to asset tangibility and promotes investment and firm growth. This provides evidence that public firms even in well-developed financial markets such as the U.S., benefit from financial deregulation that removes barriers to external equity financing, shedding light on the role of financial markets in fostering growth.</p>

Analisis Forensik Pada Aplikasi Peduli Lindungi Terhadap Kebocoran Data Pribadi

PPeduli Lindungi Application is an application coming from the Ministry of Communication and Information Technology Indonesia which has function to tracking and stop spread of Coronavirus Disease (COVID-19). Its application has personal data which includes, registration number, date of birth, full name, address and telephone number. However, Peduli Lindungi Application is one of the factors which are caused of personal data breach. Digital forensics is a scientific field that has functions to find out facts and finding a crime case. It wishes that will get directions whether this application is safety or not. The researchers hope that the people will not be afraid to use Peduli Lindungi Application and also can support the government programs to prevent the spread of Covid-19. The result of forensic analysis with static and dynamic analysis models, it shows that Peduli Lindungi Application is safe to used and it is not as dangerous applications. The results of this analysis show that Peduli Lindungi application has their own permission configurations based on the users. There is no malware in the script or activities and there is no database and data stored in smartphone memory as well as some encrypted program data. Personal data breach is caused by lacking of people knowledge to protect their personal data. Moreover , sometimes people forget to protect their security of their smartphones.