Customers who feel afraid in the wake of a data breach care more about the size and scope of the breach than do angry customers, according to research from Binghamton University, State University of New York.
The findings also extend to the stock market, where a company’s stock price can be influenced by the size of the breach when the news coverage emphasizes fear, rather than anger.
“The emotions of fear and anger will elicit different reactions,” said Subimal Chatterjee, distinguished professor in marketing at Binghamton University’s School of Management. “In the wake of a data breach, we wanted to explore those different reactions and see if people acted to protect themselves or directed feelings toward those responsible.”
Chatterjee partnered with faculty across multiple disciplines within the School of Management. Working with Sumantra Sarkar, assistant professor of management information systems, Cihan Uzmanoglu, assistant professor of finance, and Xiang Gao, a Binghamton University PhD alumnus now at the Paseka School of Business at Minnesota State University, the group conducted three studies to get to their findings.
“So much business is now conducted online, and while that provides many conveniences, it opens up new threats. Data breaches are constantly in the news, and the scope of some of these breaches are huge,” Sarkar said. “When you hear that millions of people may be impacted, how do you react?”
Two of the studies surveyed how consumers reacted to the scope of a data breach. They found that only the customers who felt fear after a breach were sensitive to the size and scope of the breach, while scope didn’t matter to angry consumers.
“Fearful consumers were sensitive to knowing, for example, if the breach only affected 100 customers or 10 million customers, and we found that the larger the scope, the larger the reaction,” said Chatterjee. “Meanwhile, angry consumers didn’t care if it was 10 customers or 10 million customers. Their focus wasn’t on the scope. They were directing their focus and anger on the perpetrator.”
The findings suggest that among consumers who are fearful, the larger the breach the more likely they are to think that they are at risk. And the threat becomes more vivid to them as the scope of the breach increases.
“Consumers may often find themselves imaging the worst-case scenario when these large-scale data breaches happen. Is my information safe? Is my credit card information being used by the hackers? These images will help determine whether they’ll ever make a purchase from that company again,” said Chatterjee.
A third study examined 12,000 news stories about data breaches. Testing for keywords that suggested either a fearful or angry response in the coverage, the researchers then compared the findings to stock prices for affected companies at the time of the coverage.
They found that the stock market reacts similarly to how consumers react: Fear makes the stock market sensitive to the scope of a data breach, while anger makes the stock market insensitive to the scope of a data breach.
“The intuition is that changes in stock prices should reveal the underlying consumer reactions to news of data breaches,” said Uzmanoglu. “Using this approach, we show that data breaches that affect more customers are associated with more negative stock returns, and that this effect primarily comes from data breaches that trigger emotions of fear rather than anger.”
Easing fears in the wake of a data breach should be a priority, the researchers said.
“From day one, you need to let your customers know that you are on top of this and move to ease those fears they may have. You don’t want them picturing that worst-case scenario,” said Chatterjee.
Researchers say this could mean clarifying your company’s disaster recovery plans, training customers on the basics of data security, or offering free services such as credit monitoring or fraud protection services.
The researchers also recommend being extra careful about how you communicate the scope of the data breach, as fearful customers will be very sensitive to the size of breaches.
“If you have 500 million customers that were affected by a breach, but it only represents around 16 percent of your customer base, you may want to focus on that smaller number in your communications to minimize the threat to fearful customers,” Chatterjee said.