Purpose Data security breaches are an increasingly common and costly problem for organizations, yet there are critical gaps in our understanding of the role of stakeholder relationship management and crisis communication in relation to data breaches. In fact, though there have been some studies focusing on data breaches, little is known about what might constitute a “typical” response to data breaches whether those responses are effective at maintaining the stakeholders' relationship with the organization, their commitment to use the organization after the crisis, or the reputational threat of the crisis. Further, even less is known about the factors most influencing response and outcome evaluation during data breaches. Design/methodology/approach We identify a “typical” response strategy to data breaches and then evaluate the role of this response in comparison to situation, stakeholder demographics and relationships between stakeholders, the issue and the organization using an experimental design. This experiment focuses on a 2 (type of organization) × 2 (prior knowledge of breach risk) with a control group design. Findings Findings suggest that rather than employing reactive crisis response messaging the role of public relations should focus on proactive relationship building between organizations and key stakeholders. Originality/value For the last several decades much of the field of crisis communication has assumed that in the context of a crisis the response strategy itself would materially help the organization. These data suggest that the field crisis communication may have been making the wrong assumption. In fact, these data suggest that reactive crisis response has little-to-no effect once we consider the relationships between organizations, the issue and stakeholders. The findings show that an ongoing program of crisis capacity building is to an organization's strategic advantage when data security breaches occur.
ORCID: 
CORE (COnnecting REpositories)
CORE (COnnecting REpositories)