Ransomware attacks are becoming a concern for the whole business, not just IT departments. A ransomware attack infects an organizations systems like other viruses, but unlike other viruses, it encrypts the organizations data and requests a ransom. These attacks can disrupt core services, have a global reach, an extended duration, and be repeated several times. While their ability to destabilise an organization’s operations for a period of time is clear, the longer term effect on the consumer is less understood. Consumers can develop strong habits of using certain organizations and their systems. Their habits develop over time, with their trust increasing in the organization in contact directly, and the institutions supporting it. The consumer now shares a significant amount of personal information with the systems they have a habit of using. These repeated positive experiences create an inertia that is hard for the consumer to break out of. Recent research explores whether the global, extended, and repeated ransomware attacks reduce the trust and inertia sufficiently to change long held habits in using an organization’s systems.
The model developed captures the cumulative effect of this form of attack and evaluates if it is sufficiently harmful to overcome the loyalty and inertia built over time. As you can see in the second figure the model covers the five factors that influence the consumer’s decision to stop using an organization’s system because of a ransomware attack. The factors are in two groups. The first group is the ransomware attack that includes the (1) ransomware attack effect and (2) repetition. The second group is the E-commerce environment status quo which includes (3) inertia, (4) trust (organizational and institutional) and (5) information privacy.
There are three implications. Firstly, by understanding the impact on the consumer better, we can develop a better strategy to reduce the effectiveness of ransomware attacks. Secondly, processes can be created to manage such disasters as they are happening and maintain a positive relationship with the consumer. Lastly, organizations can build up a ‘buffer’ of goodwill and loyalty that would ‘absorb’ the negative impact on the consumer from an attack, and stop them reaching the point where they decide to switch system.
Zarifis A., Cheng X., Jayawickrama U. & Corsi S. (2022) ‘Can Global, Extended and Repeated Ransomware Attacks Overcome the User’s Status Quo Bias and Cause a Switch of System?’, International Journal of Information Systems in the Service Sector (IJISSS), vol.14, iss.1, pp.1-16. Available from (open access): https://doi.org/10.4018/IJISSS.289219
Zarifis A. & Cheng X. (2018) ‘The Impact of Extended Global Ransomware Attacks on Trust: How the Attacker’s Competence and Institutional Trust Influence the Decision to Pay’, Proceedings of the Americas Conference on Information Systems (AMCIS), pp.2-11. Available from: https://aisel.aisnet.org/amcis2018/Security/Presentations/31/
Dr Alex Zarifis research and teaching are on the practical applications of technology in business. His research interests include trust, electronic business, artificial intelligence, blockchain, Insurtech and Fintech. He has worked at several universities including the University of Cambridge, University of Manchester and the University of Mannheim. Dr Alex has worked on large EU and UK funded research projects at the Karlsruhe Institute of Technology, Loughborough University and the University of Cambridge. He also participated in creating the first, government recognised, university degree on blockchain technologies in the world. He obtained his PhD from the University of Manchester.
Blog by Dr Alex Zarifis of University of Nicosia and University of Cambridge