Abstract:

The research explored the effects and the impact of business data breaches on brand reputation and employee integrity, using the 2019 Desjardins Group Canada breach as a case study. The breach in question compromised personally identifiable information of over 9.7 million customers and Desjardins members, revealing vulnerability in data security, governance, and organizational culture. In addition to financial losses, the incident eroded client trust and loyalty, created an internal crisis and uncertainty within the organization. The research examines the effects of the breach on stakeholder confidence, business resilience, and employee morale using a mixed research approach which includes interviews, surveys, and secondary data analysis. The research reveals a significant decline in public trust, financial impacts, and brand damage. Employees faced increased stress levels, low morale, and declining confidence in leadership, which highlighted the human toll of cybersecurity failures. The research explores how perceived risks and threats, protective measures, and trust dynamics can influence stakeholder responses. It emphasizes the necessity of a clear crisis management process, transparency, and robust cybersecurity frameworks to mitigate the adverse effects of data breaches. Organizations that acted swiftly and communicated transparently could restore stakeholder trust and confidence. To enhance information security, businesses should invest in governance, employee training, and cultivate a security-focused culture. Additionally, policymakers should advocate for stringent data protection laws and regulations, mandatory breach disclosures, and cross-sector collaboration to strengthen cybersecurity resilience. This research offers valuable insights for businesses, regulators, and scholars confronting cybersecurity risks and threats in an increasingly digital landscape.

References:

[1].   Alazab, M., Broadhurst, R., Bou-Harb, E., & Hutchings, A., 2015, Cybercrime: Risks and Responses. International Journal of Cyber Criminology, 9(2), 143-159.

[2].   Arcuri, A., 2015, The Impact of Data Breaches on Customer Trust: A Comparative Analysis. Journal of Business Ethics, 127(3), 491-504.

[3].   Barney, J., 1991, Firm Resources and Sustained Competitive Advantage. Journal of Management, 17(1), 99-120.

[4].   N. Kshetri, Recent US cybersecurity policy initiatives: challenges and implications, Computer, 48 2015

[5].   D. Massa, R., Valverde, A fraud detection system based on anomaly intrusion detection for E-commerce applications, Comput Inf Sci, 7 2024.

[6].   Braun, V., & Clarke, V., 2006, Using Thematic Analysis in Psychology. Qualitative Research in Psychology, 3(2), 77-101.

[7].   Cavusoglu, H., Mishra, B., & Raghunathan, S., 2004, The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9(1), 69-104.

[8].   Gatzlaff, K. M., & McCullough, K. A., 2010, The Effect of Data Breaches on Shareholder Wealth. Risk Management and Insurance Review, 13(1), 61-83.

[9].   Gordon, L. A., Loeb, M. P., & Zhou, L., 2010, The Impact of Information Security Breaches: Has There Been a Downward Shift in Costs? Journal of Computer Security, 19(1), 33-56.

[10].  Herath, T., & Rao, H. R., 2009, Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures, and Perceived Effectiveness. Decision Support Systems, 47(2), 154-165.

[11].  ISO/IEC. 2013. ISO/IEC 27001: Information Security Management. International Organization for Standardization.

[12].  Lwin, M. O., Wirtz, J., & Williams, J. D., 2017, Consumer Online Privacy Concerns and Responses: A Power-Responsibility Equilibrium Perspective. Journal of the Academy of Marketing Science, 35(4), 572-585.

[13].  Mayer, R. C., Davis, J. H., & Schoorman, F. D., 1995, An Integrative Model of Organizational Trust. Academy of Management Review, 20(3), 709-734.

[14].  Mitropoulos, S., Patsakis, C., & Douligeris, C., 2006, Incident Response Planning: The Critical Role of Crisis Communication. Journal of Information Security, 7(2), 137-147.

[15].  NIST. 2018, Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.

[16].  Ponemon Institute. 2019, Cost of a Data Breach Report 2019. IBM Security.

[17].  Ponemon Institute. 2020, 2020 Data Breach Investigations Report. Verizon.

[18].  Rogers, R. W., 1975, A Protection Motivation Theory of Fear Appeals and Attitude Change. Journal of Psychology, 91(1), 93-114.

[19].  Romanosky, S., 2016, Examining the Costs and Causes of Cyber Incidents. Journal of Cybersecurity, 2(2), 121-135.

[20].  Samarati, P., & De Capitani di Vimercati, S., 2001, Access Control: Policies, Models, and Mechanisms. Foundations of Security Analysis and Design, 2171, 137-196.

[21].  M. Loganathan, E. Kirubakaran, A study on Cyber Crimes and protection, Int J Comput Sci Issue, 18 2021 7-35.

[22].  Stallings, W., 2013, Network Security Essentials: Applications and Standards. Pearson Education.

[23].  Von Solms, B., & Von Solms, R., 2004, The 10 Deadly Sins of Information Security Management. Computers & Security, 23(5), 371-376.

[24].  Whitener, E. M., Brodt, S. E., Korsgaard, M. A., & Werner, J. M., 1998, Managers as Initiators of Trust: An Exchange Relationship Framework for Understanding Managerial Trustworthy Behavior. Academy of Management Review, 23(3), 513-530.

[25].  Yin, R. K., 2014, Case Study Research: Design and Methods. Sage Publications.

[26].  Elhoseny, M., Darwiesh, A., El-Baz, A. H., Rodrigues, J. J., Enhancing cryptocurrency security using AI risk management model. IEEE Consum Electron Mag. 2023;13(1):48–53. doi: 10.1109/MCE.2023.3238848.

[27].  Osamy, W., Khedr, A. M., Salim, A., AlAli, A. I., El-Sawy, A. A., Recent studies utilizing artificial intelligence techniques for solving data collection, aggregation and dissemination challenges in wireless sensor networks: A review. Electronics. 2022;11(3):313. doi: 10. 3390/electronics11030313.

[28].  Amaldi, E., Capone, A., Cesana, M., Filippini, I., Malucelli, F., Optimization models and methods for planning wireless mesh networks. Comput Networks. 2008;52(11):2159–71. doi: 10.1016/j.comnet.2008.02.020.

[29].  Bentotahewa, V., Hewage, C., Williams, J., Solutions to Big Data privacy and security challenges associated with COVID-19 surveillance systems. Front Big Data. 2021; 4:645204. doi: 10.3389/fdata.2021.645204

[30].  Nawaf, L., Optimizing IoT security by implementing Artificial Intelligence – Infosecurity Magazine; June 2022, [online]. https://www.

[31].  Bago, P., Cyber security and artificial intelligence. Economy Finance. 2023;10(2):189–212. doi: 10.33908/ef.2023.2.5.

[32].  Office of the Privacy Commissioner of Canada. 2020, Commissioner’s findings: Investigation into Desjardins’ handling of a data breach. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2020/pipeda-2020-005/

[33].  Office of the Privacy Commissioner of Canada. 2020, December 14. Statement from the Privacy Commissioner of Canada on the government’s response to the Desjardins investigation. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/opc-news/speeches-and-statements/2020/s-d_20201214/

[34].  Office of the Privacy Commissioner of Canada. 2020, December 14. The government response to Desjardin's investigation is a step forward, but stronger privacy laws are still needed. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/opc-news/news-and-announcements/2020/nr-c_20121