Reaction of users as potential victims of information security breach

Purpose The purpose of this study is to examine whether users’ perceived moral affect explains the effect of perceived intensity of emotional distress on responsibility judgment of a perpetrator and company, respectively, in an ill and good intention breach. Design/methodology/approach Participants completed a questionnaire containing items measuring their perceived intensity of emotional distress, perceived moral affect and responsibility judgment of a perpetrator and company, respectively. Findings The results support the mediating hypothesis on responsibility judgment of a perpetrator regardless of intention. The mediating hypothesis is also supported in an ill intention breach in responsibility judgment of a company. However, the mediating effect is not observed in a good intention breach when users assess a company’s responsibility. Originality/value The findings support the notion that users use the consequentialism approach when assessing a perpetrator’s responsibility because they focus on the victims’ emotional distress and discount a perpetrator’s intent, resulting in similar mediating effect of perceived moral affect in an ill and good intention breach. The results also indicate that perceived moral affect increases the negative effect of perceived intensity of emotional distress on responsibility judgment of a company, suggesting that users may exhibit empathetic feelings toward a company and perceive it as a victim of an ill intention breach. The lack of mediating effect in responsibility judgment of a company in a good intention breach may be attributed to the diminished effect of a perpetrator’s feelings of regret, sorrow, guilt and shame for causing emotional distress to the victims.