Purpose: Data security has become an essential concern for businesses as it directly influences the trust between consumers and businesses. Data breaches and cyberattacks are becoming more frequent, highlighting the need for strong security measures as the consequences of a data breach can be devastating, leading to financial losses, reputational damage and stakeholder distrust. In this sense, our purpose is to analyze data security practices that create value for consumers.
Design/methodology/approach: To explore big data practices, an exploratory descriptive approach was applied. Initially, we use the JUST Capital 2020 database with 922 companies divided into six industries and identified those most recognized by which ones consumers for their perceive data security actions. In a second step, we analyzed annual reports to understand which actions related to the topic the companies adopt.
Findings: We analyzed data from 922 U.S.-listed companies and found that the information technology sector had the highest scores in data security, whereas the manufacturing sector ranked the lowest. Nearly 48% of firms had weak security measures, highlighting widespread vulnerabilities. We found a pattern of companies’ best practices that create more value to consumers regarding data security, such as following regulatory policies, having risk management programs, promoting internal and external audits and inspections, and allocating staff focused on data security.
Originality: The originality of our study lies in the analysis of consumer value perception related to data security variables while validating the use of a new and promising database in stakeholder management research. In addition, our findings emphasize the growing need for stronger data protection, especially in industries where it is not yet a priority.
Research limitations/implications: Our study contributes to the stakeholder management literature on value creation by investigating the consumer value perception regarding data security, exposing both the degree of importance that consumers attach to this issue and the consequences affecting the behavior of companies.
Practical implications: We identified the best data security practices adopted by companies and analyzed patterns influencing managerial decisions, such as concerns over financial sanctions and potential damage to brand reputation in the event of a data breach. In sum, our findings suggest that to meet consumer demands and create value, companies should implement a security strategy with strong authentication, encryption, and risk management.
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509-514.
Ahmad, H. I. (2020). Doing Better by Doing Good: Discussing the Value Potential of Selected “Just Companies”. International Journal of Financial Research, 11(2), 40-50.
Anthem. (n.d.). Privacy & security standards. Anthem Corporate Responsibility. https://anthemcorporateresponsibility.com
Barocas, S., & Nissenbaum, H. (2014). Big data’s end run around procedural privacy protections. Communications ofthe ACM, 57(11), 31–33. https://doi.org/10.1145/2668897
Barney, J. (2018). Editor’s comments: Positioning a theory paper for publication. Academy of management review, 43(3), 345-348.
Boaventura, J. M. G., Bosse, D. A., Manuela Cunha de Mascena, K., &Sarturi, G. (2020). Value distribution to stakeholders: The influence of stakeholder power and strategic importance in public firms. Long Range Planning, 53(2), 101883. https://doi.org/10.1016/j.lrp.2019.05.003
Boaventura, J. M. G., Cardoso, F. R., da Silva, E. S., & da Silva, R. S. (2009). Teoria dos Stakeholders e Teoria da Firma: Un estudo sobre a hierarquização das funções-objetivo em empresas brasileiras. Revista Brasileira de Gestao de Negocios, 11(32), 289–307. https://doi.org/10.7819/rbgn.v11i32.378
Campos, D., & dos Reis Carreiro, F. (2024). Compliance e gestão de riscos em tempos de inovação e disrupção digital. Revista de Gestão e Secretariado, 15(4), e3743-e3743.
Chaorasiya, V., & SHRIVASTAVA, A. (2015). A survey on big data: techniques and technologies. International Journal of Research and Development in Applied Science and Engineering, 8(1), 1-4.
Donaldson, T., & Preston, L. E. (1995). The Stakeholder Theory of The Corporation: Concepts, Evidence, And Implications and from the specific comments of many people, including Professors Aupperle. Academy of Management Review, 20(1), 65–91. https://doi.org/10.5465/amr.1995.9503271992
Farhad, M. A. (2024). Consumer data protection laws and their impact on business models in the tech industry. Telecommunications Policy, 48(9), 102836. https://doi.org/10.1016/j.telpol.2024.102836
Freeman, R. E. (1984). Strategic management: A stakeholder approach. In Strategic Management: A Stakeholder Approach. https://doi.org/10.1017/CBO9781139192675
Freeman, R. E., Harrison, J. S., Wicks, A. C., Parmar, B. L., & De Colle, S. (2010). Stakeholder theory: The state of the art.
Freeman, R. E. (2011). Managing for Stakeholders. SSRN Electronic Journal, 1–22. https://doi.org/10.2139/ssrn.1186402
Günther, W. A., Mehrizi, M. H. R., Huysman, M., & Feldberg, F. (2017). Debating big data: A literature review on realizing value from big data. The Journal of Strategic Information Systems, 26(3), 191-209. https://doi.org/10.1016/j.jsis.2017.07.003
Harrison, J. S., Bosse, D. A., & Phillips, R. A. (2010). Managing for stakeholders, stakeholder utility functions, and competitive advantage. Strategic management journal, 31(1), 58-74. https://doi.org/10.1002/smj.801
Harrison, J. S., & Wicks, A. C. (2013). Stakeholder Theory, Value, and Firm Performance. Business Ethics Quarterly, 23(1), 97–124. https://doi.org/10.5840/beq20132314
IBM. (2023). IBM Security X-Force Threat Intelligence Index 2023. IBM. https://www.ibm.com/reports/threat-intelligence
International Organization for Standardization & International Electrotechnical Commission. (2013). ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls. ISO. https://www.iso.org
JUST Capital. (2020). Amidst Crisis, What Americans Want From Corporate America. October. Retrieved from: https://accounts.justcapital.com/download?file=8e34607577671197b1205f745d0ab170
JUST Capital. (2020, October). Amidst crisis, what Americans want from corporate America. [Relatório]. JUST Capital. https://accounts.justcapital.com/download?file=8e34607577671197b1205f745d0ab170
JUST Capital. (2023). JUST Capital’s quarterly review of stakeholder performance: Q4 2023. JUST Capital. https://justcapital.com/reports/just-capitals-quarterly-review-of-stakeholder-performance-q4-2023/
JUST Capital. (n.d.). Mission & impact. JUST Capital. https://justcapital.com/mission-impact/
Liu, C., & Babar, M. A. (2024). Corporate cybersecurity risk and data breaches: A systematic review of empirical research. Australian Journal of Management, 03128962241293658.
Lopes, I. M., Guarda, T., & Oliveira, P. (2019). How ISO 27001 Can Help Achieve GDPR Compliance. Iberian Conference on Information Systems and Technologies, CISTI, 2019-June(June), 1–6. https://doi.org/10.23919/CISTI.2019.8760937
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data Privacy: Effects on Customer and Firm Performance. Journal of Marketing, 81(1), 36-58. https://doi.org/10.1509/jm.15.0497
Madsen, A. K. (2015). Between technical features and analytic capabilities: Charting a relational affordance space for digital social analytics. Big Data and Society, 2(1), 1–15. https://doi.org/10.1177/2053951714568727
Nikiforova, A. (2022, April). Data security as a top priority in the digital world: preserve data value by being proactive and thinking security first. In The International Research & Innovation Forum (pp. 3-15). Cham: Springer International Publishing.
NSFOCUS, Inc. (2019a). Cybersecurity insights. InTech, 66(2).
NSFOCUS, Inc. (2019b). Vulnerability and threat trends research report 1-day. NSFOCUS.
Orbik, Z., & Zozuľaková, V. (2019). Corporate Social and Digital Responsibility. Management Systems in Production Engineering, 27(2), 79–83. https://doi.org/10.1515/mspe-2019-0013
Parmar, B. L., Freeman, R. E., Harrison, J. S., Wicks, A. C., Purnell, L., & De Colle, S. (2010). Stakeholder theory: The state of the art. The academy of management annals, 4(1), 403-445. https://doi.org/10.1080/19416520.2010.495581
Priem, R. L. (2007). A consumer perspective on value creation. Academy of Management Review, 32(1), 219–235. https://doi.org/10.5465/AMR.2007.23464055
Santos, R. de O. S., Jr., Uchôa, M. T., Olar, A. I., & Boaventura, J. M. G. (2024). Value Distribution to Stakeholders: Insights from U.S. Publicly Traded Companies. Revista Ciências Administrativas, 30, 1-17. DOI: http://doi.org/10.5020/2318-0722.2024.30.e14322
Shankar, N., & Mohammed, Z. (2020). Surviving data breaches: A multiple case study analysis. Journal of Comparative International Management, 23(1), 35-54. https://doi.org/10.7202/1071508ar
Soares, C. S., Sarturi, G., & Boaventura, J. M. G. (2014). Afinal, o que é distribuir valor para os stakeholders? Engema, 17.
Soares de Souza, T., & Tomei, P. A. (2024). CULTURA ORGANIZACIONAL E LEI GERAL DE PROTEÇÃO DE DADOS (LGPD). Revista Pensamento Contemporâneo em Administração, 18(4).
Solove, D. J. (2013). Introduction: Privacy self-management and the consent dilemma. Harvard Law Review, 126(7), 1880–1903.
Someh, I., Davern, M., Breidbach, C. F., & Shanks, G. (2019). Ethical issues in big data analytics: A stakeholder perspective. Communications of the Association for Information Systems, 44(1), 718–747. https://doi.org/10.17705/1CAIS.04434
Surfshark. (2024). Data breach recap 2024. Surfshark. https://surfshark.com/research/study/data-breach-recap-2024
Tankard, C. (2016). What the GDPR means for businesses. Network Security, 2016(6), 5–8. https://doi.org/10.1016/S1353-4858(16)30056-3
Valentinov, V., & Chia, R. (2022). Stakeholder theory: A process-ontological perspective. Business Ethics, the Environment & Responsibility, 31(3), 762–776. https://doi.org/10.1111/beer.12441
This work is licensed under a Creative Commons Attribution 4.0 International License.
Revista Alcance is a Brazilian free access journal, published every four months, linked to the Graduate Program in Administration and the Professional Master’s degree in Administration, Internationalization and Logistics Program of the University of Vale do Itajaí – Univali. We seek to publish theoretical-empirical and technological articles in the areas of Business Administration. Different theoretical and methodological perspectives are welcome, as long as they are consistent with and relevant to the development of the area.
