Responding to Cyberattacks: The Persuasiveness of Claiming Victimhood

IF 9.8 2区管理学 Q1 BUSINESS Journal of Service Research Pub Date : 2024-09-07 DOI:10.1177/10946705241271337

Paolo Antonetti, Ilaria Baghi

{"title":"Responding to Cyberattacks: The Persuasiveness of Claiming Victimhood","authors":"Paolo Antonetti, Ilaria Baghi","doi":"10.1177/10946705241271337","DOIUrl":null,"url":null,"abstract":"Evidence shows that, in the aftermath of cyberattacks, organizations usually accept responsibility for having failed to protect stakeholders’ data more effectively. While this strategy is reasonable in many circumstances, research suggests that it would be unsuitable in situations where the data breach is caused exclusively by criminal actors, what scholars refer to as a “victim crisis.” We argue that, in this type of situations, organizations can apologize while claiming victimhood. We present a model of moderated mediation explaining the persuasiveness of this strategy as a response to cyberattacks. In five experiments, we show that an apology claiming victimhood outperforms an apology accepting or rejecting responsibility. However, claiming victimhood is effective only when evidence of harm is provided and when the organization cannot be construed as being partly responsible for the attack. Furthermore, claiming victimhood is more effective if the focal organization is perceived as virtuous and the cybercriminal as very competent. The study contributes to the literature on service failure and recovery by offering the first account of how claims of victimhood can be deployed effectively. Furthermore, the study raises important managerial implications by proposing a novel communication strategy that can be deployed in the aftermath of cyberattacks.","PeriodicalId":48358,"journal":{"name":"Journal of Service Research","volume":"22 1","pages":""},"PeriodicalIF":9.8000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Service Research","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1177/10946705241271337","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"BUSINESS","Score":null,"Total":0}

引用次数: 0

Abstract

Evidence shows that, in the aftermath of cyberattacks, organizations usually accept responsibility for having failed to protect stakeholders’ data more effectively. While this strategy is reasonable in many circumstances, research suggests that it would be unsuitable in situations where the data breach is caused exclusively by criminal actors, what scholars refer to as a “victim crisis.” We argue that, in this type of situations, organizations can apologize while claiming victimhood. We present a model of moderated mediation explaining the persuasiveness of this strategy as a response to cyberattacks. In five experiments, we show that an apology claiming victimhood outperforms an apology accepting or rejecting responsibility. However, claiming victimhood is effective only when evidence of harm is provided and when the organization cannot be construed as being partly responsible for the attack. Furthermore, claiming victimhood is more effective if the focal organization is perceived as virtuous and the cybercriminal as very competent. The study contributes to the literature on service failure and recovery by offering the first account of how claims of victimhood can be deployed effectively. Furthermore, the study raises important managerial implications by proposing a novel communication strategy that can be deployed in the aftermath of cyberattacks.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

应对网络攻击：自称受害者的说服力

有证据表明，在网络攻击发生后，组织通常会为未能更有效地保护利益相关者的数据而承担责任。虽然这种策略在很多情况下都是合理的，但研究表明，如果数据泄露完全是由犯罪分子造成的，也就是学者们所说的 "受害者危机"，那么这种策略就不合适了。我们认为，在这种情况下，组织可以在道歉的同时声称自己是受害者。我们提出了一个调节中介模型来解释这种策略作为网络攻击对策的说服力。在五个实验中，我们发现声称自己是受害者的道歉比接受或拒绝承担责任的道歉更有效。然而，只有在提供了伤害证据，且组织不能被视为对攻击负有部分责任时，声称自己是受害者才会有效。此外，如果焦点组织被认为是良善的，而网络犯罪分子非常能干，那么声称自己是受害者会更有效。本研究首次阐述了如何有效利用受害者身份声明，从而为有关服务故障和恢复的文献做出了贡献。此外，本研究还提出了一种可在网络攻击发生后部署的新型沟通策略，从而对管理产生了重要影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Service Research BUSINESS-

CiteScore

20.30

自引率

6.50%

发文量

期刊介绍： The Journal of Service Research (JSR) is recognized as the foremost service research journal globally. It is an indispensable resource for staying updated on the latest advancements in service research. With its accessible and applicable approach, JSR equips readers with the essential knowledge and strategies needed to navigate an increasingly service-oriented economy. Brimming with contributions from esteemed service professionals and scholars, JSR presents a wealth of articles that offer invaluable insights from academia and industry alike.