After hackers stole millions of LinkedIn passwords this month, resulting in a $5 million class-action lawsuit, the social networking site’s response to its customers reportedly left much to be desired. If managers were to look at such data leaks as more than just system failures, could they respond more quickly and effectively?
Arvind Malhotra and Claudia Kubowicz Malhotra, both of Kenan-Flagler Business School, University of North Carolina at Chapel Hill, published “Evaluating Customer Information Breaches as Service Failures: An Event Study Approach” in the February 2011 issue of the Journal of Service Research. To see the latest articles from the journal, click here.
Firms are collecting more information about their customers than ever before in an attempt to understand and better serve customer needs. At the same time, firms are becoming more vulnerable to the compromise of customer information through security breaches. This study attempts to associate breach reports with the decline in market value of firms using an event study. The results show that firms suffer significant market value depreciation over a short as well as a long time window. Further, the greatest devaluation occurs when larger amounts of customer information are compromised at large companies. Due to the greater potential of customer backlash, negative publicity and liability risk, managers must view customer information breaches as service failures rather than as information system failures. Employing established service failure recovery strategies may allow firms to quickly and proactively address customer privacy concerns and thereby mitigate negative market reaction to information breaches.