The purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach.
The study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company.
This study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure.
The authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure.
Companies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach.
Companies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility.
The confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.
