Crisis communication in organizational data breach situations: Facebook data breach 2018

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
School of Business | Bachelor's thesis
Degree programme
(Mikkeli) Bachelor’s Program in International Business
64 + 7
Objectives The main objective of this study was to explore how effective crisis communication can help an organization facing a data breach to minimize the organizational damage caused by the data breach crisis. In an optimal situation, this research explains why certain crisis response guidelines and communication characteristics are useful in data breaches and how they affect the relationship between the organization and the crisis stakeholders. In addition to this, this research should be helpful for all organizations facing a data breach in the future, as it shows from the perspective of a giant global social network company, which forms of crisis communication are useful and which are not. Summary This research studies the existing literature on traditional organizational crises and on crisis management and crisis communication and compares the information to modern data breach crises. To use the information from the literature effectively, information from the literature review will be compared to a big data company Facebook’s recent data breach in September 2018, affecting initially over 50 million people. The research aim is to find out, how crisis communication is the most effective when an organization is facing a data breach. This bachelor’s thesis is a qualitative study and it uses a combination of common effective crisis communication characteristics and a traditional crisis communication theory, SCCT by Timothy Coombs, as guidelines for a recent major data breach case. Conclusions The common characteristics of effective crisis communication are still expected from a company facing a data breach by the media and the crisis stakeholders, especially when individuals’ personal data is affected. However, a common crisis communication theory SCCT is proven to be mostly incompatible with modern data breach crisis, which means that there is a need for a guiding theory for data breach crisis communication including the characteristics required by the crisis stakeholders and the media. In addition to this, this research concludes that regardless of effective or ineffective crisis communication, the company’s prior crisis history and reputation have a significant effect on how crisis communication is responded to.
Thesis advisor
Charles, Mirja-Liisa
organizational crisis, crisis management, crisis communication, data breach, Situational Crisis Communication theory (SCCT)
Other note