{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T10:11:22Z","timestamp":1769076682961,"version":"3.49.0"},"reference-count":138,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2023,5,26]],"date-time":"2023-05-26T00:00:00Z","timestamp":1685059200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ITP"],"published-print":{"date-parts":[[2024,5,6]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>For developing the authors\u2019 contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a \u201csignificant and sustained\u201d cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.<\/jats:p><\/jats:sec>","DOI":"10.1108\/itp-08-2022-0589","type":"journal-article","created":{"date-parts":[[2023,5,25]],"date-time":"2023-05-25T10:49:38Z","timestamp":1685011778000},"page":"1642-1673","source":"Crossref","is-referenced-by-count":10,"title":["How TalkTalk did the walk-walk: strategic reputational repair in\u00a0a\u00a0cyber-attack"],"prefix":"10.1108","volume":"37","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2575-6723","authenticated-orcid":false,"given":"Derrick","family":"Boakye","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1533-4332","authenticated-orcid":false,"given":"David","family":"Sarpong","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4573-0376","authenticated-orcid":false,"given":"Dirk","family":"Meissner","sequence":"additional","affiliation":[]},{"given":"George","family":"Ofosu","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2023,5,26]]},"reference":[{"issue":"1","key":"key2024050504480576300_ref001","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1093\/cybsec\/tyy006","article-title":"A taxonomy of cyber-harms: defining the impacts of cyber-attacks and understanding how they propagate","volume":"4","year":"2018","journal-title":"Journal of Cybersecurity"},{"key":"key2024050504480576300_ref002","unstructured":"Ahmed, M. and Thomas, D. (2015), \u201cTalkTalk cyber-attack: what we know about the hack\u201d, available at: https:\/\/www.ft.com\/content\/9bfb4e72-7965-11e5-a95a-27d368e1ddf7 (accessed 1 May 2018)."},{"key":"key2024050504480576300_ref003","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions","volume":"74","year":"2018","journal-title":"Computers & Security"},{"issue":"8","key":"key2024050504480576300_ref004","doi-asserted-by":"publisher","first-page":"1606","DOI":"10.1111\/risa.12864","article-title":"Security events and vulnerability data for cybersecurity risk estimation","volume":"37","year":"2017","journal-title":"Risk Analysis"},{"key":"key2024050504480576300_ref005","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2021.113580","article-title":"A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs","volume":"147","year":"2021","journal-title":"Decision Support Systems"},{"issue":"8","key":"key2024050504480576300_ref006","doi-asserted-by":"publisher","first-page":"1904","DOI":"10.1002\/asi.23503","article-title":"Using the wayback machine to mine websites in the social sciences: a methodological resource","volume":"67","year":"2016","journal-title":"Journal of the Association for Information Science and Technology"},{"issue":"3","key":"key2024050504480576300_ref007","doi-asserted-by":"publisher","first-page":"413","DOI":"10.5465\/amr.1999.2202129","article-title":"\u2018How can you do it?\u2019: dirty work and the challenge of constructing a positive identity","volume":"24","year":"1999","journal-title":"Academy of Management Review"},{"issue":"7","key":"key2024050504480576300_ref008","doi-asserted-by":"publisher","first-page":"1721","DOI":"10.1111\/joms.12712","article-title":"First impressions stick: market entry strategies and category priming in the digital domain","volume":"58","year":"2021","journal-title":"Journal of Management Studies"},{"key":"key2024050504480576300_ref009","unstructured":"BBC (2015a), \u201cTalkTalk cyber-attack: website hit by \u2018significant\u2019 breach\u201d, available at: http:\/\/www.bbc.co.uk\/news\/uk-34611857 (accessed 17 April 2022)."},{"key":"key2024050504480576300_ref010","unstructured":"BBC (2015b), \u201cTalkTalk cyber-attack: boss \u2018receives ransom email\u2019\u201d, available at: http:\/\/www.bbc.co.uk\/news\/uk-34615226 (accessed 20 April 2022)."},{"key":"key2024050504480576300_ref011","unstructured":"BBC (2015c), \u201cTalkTalk cyber-attack: your views\u201d, available at: https:\/\/www.bbc.co.uk\/news\/uk-34615260 (accessed 11 May 2022)."},{"key":"key2024050504480576300_ref012","unstructured":"BBC (2015d), \u201cTalkTalk hack to cost up to \u00a335m\u201d, available at: https:\/\/www.bbc.co.uk\/news\/uk-34784980 (accessed 12 May 2022)."},{"key":"key2024050504480576300_ref013","unstructured":"BBC (2016a), \u201cTalkTalk fined \u00a3400,000 for theft of customer details\u201d, available at: http:\/\/www.bbc.co.uk\/news\/business-37565367 (accessed 27 April 2022)."},{"key":"key2024050504480576300_ref014","unstructured":"BBC (2016b), \u201cBoy, 17, admits TalkTalk hacking offences\u201d, available at: https:\/\/www.bbc.co.uk\/news\/uk-37990246 (accessed 1 June 2022)."},{"issue":"1","key":"key2024050504480576300_ref015","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1287\/orsc.1050.0149","article-title":"Gaffers, gofers, and grips: role-based coordination in temporary organizations","volume":"17","year":"2006","journal-title":"Organization Science"},{"issue":"2","key":"key2024050504480576300_ref016","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1016\/S0363-8111(97)90023-0","article-title":"Image repair discourse and crisis communication","volume":"23","year":"1997","journal-title":"Public Relations Review"},{"issue":"4","key":"key2024050504480576300_ref017","doi-asserted-by":"publisher","first-page":"654","DOI":"10.1111\/emre.12511","article-title":"The Airbus bribery scandal: a collective myopia perspective","volume":"19","year":"2022","journal-title":"European Management Review"},{"key":"key2024050504480576300_ref018","doi-asserted-by":"publisher","DOI":"10.1016\/j.techfore.2021.121419","article-title":"Regulatory review of new product innovation: conceptual clarity and future research directions","volume":"175","year":"2022","journal-title":"Technological Forecasting and Social Change"},{"key":"key2024050504480576300_ref019","first-page":"1661","article-title":"Crises and crisis management: integration, interpretation, and research development","volume":"43","year":"2017","journal-title":"Journal of Management"},{"issue":"1","key":"key2024050504480576300_ref020","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1057\/palgrave.crr.1540236","article-title":"Perceived organizational reputation and organizational performance: an empirical investigation of industrial enterprises","volume":"8","year":"2005","journal-title":"Corporate Reputation Review"},{"key":"key2024050504480576300_ref021","unstructured":"Cellan-Jones, R. (2015), \u201cQuestions for TalkTalk\u201d, available at: https:\/\/www.bbc.co.uk\/news\/technology-34636308 (accessed 1 May 2022)."},{"issue":"1","key":"key2024050504480576300_ref022","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1108\/ITP-11-2017-0390","article-title":"The role of cognitive biases in anticipating and responding to cyberattacks","volume":"32","year":"2019","journal-title":"Information Technology & People"},{"issue":"6","key":"key2024050504480576300_ref023","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1109\/MNET.2002.1081761","article-title":"Internet infrastructure security: a taxonomy","volume":"16","year":"2002","journal-title":"IEEE Network"},{"issue":"3","key":"key2024050504480576300_ref024","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1207\/s1532754xjprr1003_02","article-title":"An analytic framework for crisis situations: better responses from a better understanding of the situation","volume":"10","year":"1998","journal-title":"Journal of Public Relations Research"},{"issue":"3","key":"key2024050504480576300_ref025","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1057\/palgrave.crr.1550049","article-title":"Protecting organization reputations during a crisis: the development and application of situational crisis communication theory","volume":"10","year":"2007","journal-title":"Corporate Reputation Review"},{"issue":"2","key":"key2024050504480576300_ref026","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1207\/S1532754XJPRR1202_2","article-title":"An empirical analysis of image restoration: texaco's racism crisis","volume":"12","year":"2000","journal-title":"Journal of Public Relations Research"},{"issue":"5","key":"key2024050504480576300_ref027","doi-asserted-by":"publisher","first-page":"699","DOI":"10.1111\/joms.12073","article-title":"The contraction of meaning: the combined effect of communication, emotions, and materiality on sensemaking in the Stockwell shooting","volume":"51","year":"2014","journal-title":"Journal of Management Studies"},{"issue":"2","key":"key2024050504480576300_ref028","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1111\/j.1539-6924.2008.01030.x","article-title":"What's wrong with risk matrices?","volume":"28","year":"2008","journal-title":"Risk Analysis"},{"key":"key2024050504480576300_ref029","unstructured":"Cynet (2022), \u201cIncident response plan\u201d, available at: https:\/\/www.cynet.com\/incident-response\/#:\u223c:text=An%20incident%20response%20plan%20is,pressure%20of%20an%20actual%20cyberattack (accessed 20 December 2022)."},{"key":"key2024050504480576300_ref030","unstructured":"Deloitte (2020), \u201cGlobal cyber executive briefing\u201d, available at: https:\/\/www2.deloitte.com\/global\/en\/pages\/risk\/cyber-strategic-risk\/articles\/High- Technology-Sector.html (accessed 12 June 2022)."},{"key":"key2024050504480576300_ref031","doi-asserted-by":"publisher","first-page":"263","DOI":"10.5465\/amj.2011.60263082","article-title":"Mass media and massive failures: determining organizational efforts to defend field legitimacy following crises","volume":"54 No. 2","year":"2011","journal-title":"Academy of Management Journal"},{"issue":"8","key":"key2024050504480576300_ref032","doi-asserted-by":"publisher","first-page":"1003","DOI":"10.1287\/mnsc.49.8.1003.16399","article-title":"You are known by the directors you keep: reputable directors as a\u00a0signaling mechanism for young firms","volume":"49","year":"2003","journal-title":"Management Science"},{"issue":"1","key":"key2024050504480576300_ref033","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1287\/orsc.1080.0367","article-title":"A general theory of organizational stigma","volume":"20","year":"2009","journal-title":"Organization Science"},{"key":"key2024050504480576300_ref034","unstructured":"Doward, J., Tims, A. and Boffey, D. (2015), \u201cTalkTalk cyber-attack sparks calls for new regulatory powers\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/oct\/24\/talktalk-cyber-attack-new-powers-regulators-hacking (accessed 01 April 2023)."},{"issue":"8","key":"key2024050504480576300_ref035","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1002\/smj.2280","article-title":"Asset divestment as a response to media attacks in stigmatized industries","volume":"36","year":"2015","journal-title":"Strategic Management Journal"},{"issue":"2","key":"key2024050504480576300_ref036","doi-asserted-by":"publisher","first-page":"239","DOI":"10.2307\/2393235","article-title":"Organizational images and member identification","volume":"39","year":"1994","journal-title":"Administrative Science Quarterly"},{"issue":"8","key":"key2024050504480576300_ref037","doi-asserted-by":"publisher","first-page":"942","DOI":"10.1016\/j.futures.2005.12.015","article-title":"Fear of foresight: knowledge and ignorance in organizational foresight","volume":"38","year":"2006","journal-title":"Futures"},{"issue":"5","key":"key2024050504480576300_ref038","doi-asserted-by":"publisher","first-page":"1318","DOI":"10.1108\/ITP-05-2018-0252","article-title":"Cybersecurity economics\u2013balancing operational security spending","volume":"32","year":"2019","journal-title":"Information Technology & People"},{"issue":"4","key":"key2024050504480576300_ref039","doi-asserted-by":"publisher","first-page":"699","DOI":"10.5465\/256313","article-title":"Acquiring organizational legitimacy through illegitimate actions: z marriage of institutional and impression management theories","volume":"35","year":"1992","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref040","unstructured":"Farrell, S. (2015), \u201cNearly 157,000 had data breached in TalkTalk cyber-attack\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/nov\/06\/nearly-157000-had-data-breached-in- talktalk-cyber-attack (accessed 27 April 2022)."},{"key":"key2024050504480576300_ref041","unstructured":"Farrell, S. (2016), \u201cTalkTalk counts costs of cyber-attack\u201d, available at: https:\/\/www.theguardian.com\/business\/2016\/feb\/02\/talktalk-cyberattack-costs-customers-leave (accessed 1 May 2018)."},{"issue":"4","key":"key2024050504480576300_ref042","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1057\/bm.2000.10","article-title":"The Reputation Quotient SM: a multi-stakeholder measure of corporate reputation","volume":"7","year":"2000","journal-title":"Journal of Brand Management"},{"key":"key2024050504480576300_ref043","unstructured":"Gayle, D. (2015), \u201cTalkTalk cyber-attack not as bad as first thought, company says\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/oct\/24\/talktalk-attack-government-urged-to-do- more-on-cybercrime (accessed 1 May 2022)."},{"issue":"13","key":"key2024050504480576300_ref044","doi-asserted-by":"crossref","first-page":"1465","DOI":"10.1002\/smj.722","article-title":"What passes as a rigorous case study?","volume":"29","year":"2008","journal-title":"Strategic Management Journal"},{"issue":"4","key":"key2024050504480576300_ref045","doi-asserted-by":"publisher","first-page":"63","DOI":"10.5465\/amr.2000.2791603","article-title":"Organizational identity, image, and adaptive instability","volume":"25","year":"2000","journal-title":"Academy of Management Review"},{"key":"key2024050504480576300_ref046","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/j.riob.2014.01.001","article-title":"Image is everything: reflections on the dominance of image in modern organizational life","volume":"34","year":"2014","journal-title":"Research in Organizational Behavior"},{"key":"key2024050504480576300_ref047","volume-title":"Stigma: Notes on the Management of Spoiled Identity","year":"1963"},{"issue":"2","key":"key2024050504480576300_ref048","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1108\/09593840910962186","article-title":"Developing expertise for network intrusion detection","volume":"22","year":"2009","journal-title":"Information Technology & People"},{"issue":"1","key":"key2024050504480576300_ref049","doi-asserted-by":"publisher","first-page":"tyaa005","DOI":"10.1093\/cybsec\/tyaa005","article-title":"Integrating cost\u2013benefit analysis into the NIST cybersecurity framework via the Gordon\u2013Loeb Model","volume":"6","year":"2020","journal-title":"Journal of Cybersecurity"},{"issue":"2","key":"key2024050504480576300_ref050","doi-asserted-by":"publisher","first-page":"318","DOI":"10.1287\/isre.2020.0986","article-title":"The impact of executives' IT expertise on reported data security breaches","volume":"32","year":"2021","journal-title":"Information Systems Research"},{"issue":"6","key":"key2024050504480576300_ref051","doi-asserted-by":"publisher","first-page":"2175","DOI":"10.5465\/amj.2015.0365","article-title":"How organizations move from stigma to legitimacy: the case of Cook's travel agency in Victorian Britain","volume":"60","year":"2017","journal-title":"Academy of Management Journal"},{"issue":"1","key":"key2024050504480576300_ref052","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1177\/1056492618790897","article-title":"Introducing a spectrum of moral evaluation: integrating organizational stigmatization and moral legitimacy","volume":"28","year":"2019","journal-title":"Journal of Management Inquiry"},{"key":"key2024050504480576300_ref053","unstructured":"Harding, D. (2016), \u201cBristol distinguished address series\u201d, available at: https:\/\/soundcloud.com\/uwebristol\/baroness-dido-harding (accessed 30 May 2018)."},{"issue":"5","key":"key2024050504480576300_ref054","doi-asserted-by":"publisher","first-page":"1453","DOI":"10.5465\/amj.2012.0088","article-title":"Eliciting acceptance for \u2018illicit\u2019 organizations: the positive implications of stigma for MMA organizations","volume":"57","year":"2014","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref055","unstructured":"Hern, A. (2015), \u201cTalkTalk hit with record \u00a3400k fine over cyber-attack\u201d, available at: https:\/\/www.theguardian.com\/business\/2016\/oct\/05\/talktalk-hit-with-record-400k-fine- over- cyber-attack (accessed 27 May 2022)."},{"issue":"3","key":"key2024050504480576300_ref056","doi-asserted-by":"publisher","first-page":"79","DOI":"10.2308\/isys-51402","article-title":"The relationship between board-level technology committees and reported security breaches","volume":"30","year":"2016","journal-title":"Journal of Information Systems"},{"issue":"1","key":"key2024050504480576300_ref057","doi-asserted-by":"publisher","first-page":"252","DOI":"10.5465\/amr.2008.27752775","article-title":"Against all odds: a consideration of core-stigmatized organizations","volume":"33","year":"2008","journal-title":"Academy of Management Review"},{"issue":"1","key":"key2024050504480576300_ref058","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1287\/orsc.1080.0368","article-title":"Not with a ten-foot pole: core stigma, stigma transfer, and improbable persistence of men's bathhouses","volume":"20","year":"2009","journal-title":"Organization Science"},{"key":"key2024050504480576300_ref059","unstructured":"Information Commissioner\u2019s Office (2016), \u201cTalkTalk cyber attack \u2013 how the ICO's investigation unfolded\u201d, available at: https:\/\/ico.org.uk\/about-the-ico\/news-and-events\/talktalk- cyber-attack-how-the-ico-investigation-unfolded\/ (accessed 9 May 2022)."},{"key":"key2024050504480576300_ref061","unstructured":"Information Commissioner\u2019s Office (2022a), \u201cGuide to enforcement processes\u201d, available at: https:\/\/ico.org.uk\/media\/for-organisations\/guide-to-data-protection\/guide-to-le-processing-1-1.pdf (accessed 6 April 2023)."},{"key":"key2024050504480576300_ref060","unstructured":"Information Commissioner\u2019s Office (2022b), \u201cWho we are\u201d, available at: https:\/\/ico.org.uk\/about- the-ico\/who-we-are\/ (accessed 9 May 2022)."},{"issue":"2","key":"key2024050504480576300_ref062","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1177\/1367549418823058","article-title":"Transatlantic repatriation: stigma management of second- generation Italian and Greek American women \u2018returning home\u2019","volume":"22","year":"2019","journal-title":"European Journal of Cultural Studies"},{"issue":"3","key":"key2024050504480576300_ref063","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1111\/isj.12317","article-title":"Eyes wide open: the role of situational information security awareness for security\u2010related behaviour","volume":"31","year":"2021","journal-title":"Information Systems Journal"},{"key":"key2024050504480576300_ref064","unstructured":"Johnston, C. (2015), \u201cTalkTalk customer data at risk after cyber-attack on company website\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/oct\/22\/talktalk-customer-data- hackers-website-credit-card-details-attack (accessed 9 May 2022)."},{"issue":"3","key":"key2024050504480576300_ref065","doi-asserted-by":"publisher","first-page":"377","DOI":"10.5465\/amr.2011.0363","article-title":"Organizational crises and the disturbance of relational systems","volume":"38","year":"2013","journal-title":"Academy of Management Review"},{"issue":"3","key":"key2024050504480576300_ref066","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1016\/j.jfineco.2019.05.019","article-title":"Risk management, firm reputation, and the impact of successful cyberattacks on target firms","volume":"139","year":"2021","journal-title":"Journal of Financial Economics"},{"issue":"4","key":"key2024050504480576300_ref067","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1109\/MC.2002.1012428","article-title":"Intrusion detection: a brief history and overview","volume":"35","year":"2002","journal-title":"Computer"},{"issue":"1","key":"key2024050504480576300_ref068","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/S0363-8111(02)00194-7","article-title":"The relationship between web site design and organizational responsiveness to stakeholders","volume":"29","year":"2003","journal-title":"Public Relations Review"},{"key":"key2024050504480576300_ref069","unstructured":"Khomami, N. (2015a), \u201cTalkTalk hack could not have been prevented by government scheme\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/dec\/15\/talktalk-hack- could-not-have- been-prevented-by-cyber-essentials (accessed 1 May 2018)."},{"key":"key2024050504480576300_ref070","unstructured":"Khomami, N. (2015b), \u201cTalkTalk cyber-attack: company has received 'ransom demand\u201d, available at: https:\/\/www.theguardian.com\/business\/2015\/oct\/23\/talktalk-cyber-attack- company-has-received-ransom-demand (accessed 20 May 2022)."},{"key":"key2024050504480576300_ref071","first-page":"1","article-title":"Real leaders are forged in crisis","volume":"3","year":"2020","journal-title":"Harvard Business Review"},{"issue":"8","key":"key2024050504480576300_ref072","doi-asserted-by":"publisher","first-page":"2024","DOI":"10.1111\/joms.12743","article-title":"Shame on you! Unpacking the individual and organizational implications of engaging with a stigmatized organization","volume":"59","year":"2021","journal-title":"Journal of Management Studies"},{"issue":"1","key":"key2024050504480576300_ref073","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5465\/amj.2013.4001","article-title":"Process studies of change in organization and management: unveiling temporality, activity, and flow","volume":"56","year":"2013","journal-title":"Academy of Management Journal"},{"issue":"4","key":"key2024050504480576300_ref074","doi-asserted-by":"publisher","first-page":"1462","DOI":"10.5465\/amj.2014.0862","article-title":"The face of the firm: the influence of CEOs on corporate reputation","volume":"60","year":"2017","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref075","unstructured":"Lyonz, I. (2018), \u201cTalkTalk hackers jailed for cyber cyber attack that cost company \u00a377m\u201d, available at: https:\/\/www.telegraph.co.uk\/news\/2018\/11\/19\/talktalk-hackers-jailed-18- months- 2015-cyber-attack (accessed 15 June 2022)."},{"issue":"1","key":"key2024050504480576300_ref076","doi-asserted-by":"publisher","first-page":"70","DOI":"10.5465\/amr.2011.0188","article-title":"Reasoning in organization science","volume":"38","year":"2013","journal-title":"Academy of Management Review"},{"issue":"1","key":"key2024050504480576300_ref077","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1016\/j.pubrev.2011.12.011","article-title":"CEO credibility, perceived organizational reputation, and employee engagement","volume":"38","year":"2012","journal-title":"Public Relations Review"},{"issue":"5","key":"key2024050504480576300_ref078","doi-asserted-by":"publisher","first-page":"459","DOI":"10.1002\/smj.958","article-title":"The path dependence of organizational reputation: how social judgment influences assessments of capability and character","volume":"33","year":"2012","journal-title":"Strategic Management Journal"},{"key":"key2024050504480576300_ref079","volume-title":"The Essential Guide to Managing Corporate Crises: A Step-by-step Handbook for Surviving Major Catastrophes","year":"1996"},{"key":"key2024050504480576300_ref080","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1016\/j.cor.2016.05.005","article-title":"Interdicting attack graphs to protect organizations from cyber attacks: a bi-level defender\u2013attacker model","volume":"75","year":"2016","journal-title":"Computers & Operations Research"},{"issue":"1","key":"key2024050504480576300_ref081","doi-asserted-by":"publisher","first-page":"186","DOI":"10.5465\/amr.2008.27752576","article-title":"A new look at stigmatization in and of organizations","volume":"33","year":"2008","journal-title":"Academy of Management Review"},{"key":"key2024050504480576300_ref082","unstructured":"Parliament (2015), \u201cCulture, media and Sport committee meeting: TalkTalk\u201d, available at: https:\/\/www.parliamentlive.tv\/Event\/Index\/73368590-d756-4a37-badb-8174ac8ef239#p (accessed 9 May 2022)."},{"key":"key2024050504480576300_ref083","unstructured":"Parliament (2016a), \u201cTalkTalk cyber-attack and response\u201d, available at: https:\/\/publications.parliament.uk\/pa\/cm201617\/cmselect\/cmcumeds\/148\/14805.htm#footno te-054-backlink (accessed 5 May 2022)."},{"key":"key2024050504480576300_ref084","unstructured":"Parliament (2016b), \u201cWritten evidence submitted by TalkTalk plc (DEB 09)\u201d, available at: https:\/\/websearch.parliament.uk\/?q=Data%2Bbreach%2Breporting%2Bguidelines%2C+talktalk (accessed 1 April 2023)."},{"issue":"2","key":"key2024050504480576300_ref085","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1111\/risa.12844","article-title":"Cyber risk management for critical infrastructure: a risk analysis model and three case studies","volume":"38","year":"2018","journal-title":"Risk Analysis"},{"issue":"1","key":"key2024050504480576300_ref086","doi-asserted-by":"publisher","first-page":"59","DOI":"10.5465\/amr.1998.192960","article-title":"Reframing crisis management","volume":"23","year":"1998","journal-title":"Academy of Management Review"},{"key":"key2024050504480576300_ref087","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1146\/annurev-soc-071312-145702","article-title":"The stigma complex","volume":"41","year":"2015","journal-title":"Annual Review of Sociology"},{"key":"key2024050504480576300_ref088","first-page":"116","article-title":"Virtual crimes, real damages: a primer on cybercrimes in the United States and efforts to combat cybercriminals","volume":"16","year":"2011","journal-title":"Virginia Journal of Law and Technology"},{"issue":"2","key":"key2024050504480576300_ref089","doi-asserted-by":"publisher","first-page":"444","DOI":"10.5465\/annals.2017.0086","article-title":"Which of these things are not like the others? Comparing the rational, emotional, and moral aspects of reputation, status, celebrity, and stigma","volume":"13","year":"2019","journal-title":"Academy of Management Annals"},{"issue":"1","key":"key2024050504480576300_ref090","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1287\/isre.1080.0174","article-title":"Choice and chance: a conceptual model of paths to information security compromise","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"issue":"4","key":"key2024050504480576300_ref091","doi-asserted-by":"publisher","first-page":"834","DOI":"10.1287\/isre.2016.0683","article-title":"Special section introduction\u2014ubiquitous IT and digital vulnerabilities","volume":"27","year":"2016","journal-title":"Information Systems Research"},{"issue":"3","key":"key2024050504480576300_ref092","doi-asserted-by":"publisher","first-page":"433","DOI":"10.5465\/amj.2006.21794663","article-title":"Responding to organizational identity threats: exploring the role of organizational culture","volume":"49","year":"2006","journal-title":"Academy of Management Journal"},{"issue":"1","key":"key2024050504480576300_ref093","doi-asserted-by":"publisher","first-page":"146","DOI":"10.5465\/amr.2009.35713324","article-title":"Contextual factors surrounding reputation damage with potential implications for reputation repair","volume":"34","year":"2009","journal-title":"Academy of Management Review"},{"issue":"6","key":"key2024050504480576300_ref094","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.5465\/amj.2005.19573108","article-title":"Being good or being known: an empirical examination of the dimensions, antecedents, and consequences of organizational reputation","volume":"48","year":"2005","journal-title":"Academy of Management Journal"},{"issue":"1","key":"key2024050504480576300_ref095","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1111\/risa.13331","article-title":"An adversarial risk analysis framework for cybersecurity","volume":"41","year":"2021","journal-title":"Risk Analysis"},{"key":"key2024050504480576300_ref096","unstructured":"Rodionova, Z. (2016), \u201cTalkTalk given record fine over data breach that led to data theft of nearly 157,000 customers\u201d, available at: https:\/\/www.independent.co.uk\/news\/business\/news\/talktalk- fine-data-breach-theft-customers-information-stolen-record-penalty-a7346316.html (accessed 8 May 2022)."},{"key":"key2024050504480576300_ref097","unstructured":"Rosanes, M. (2022), \u201cCybersecurity best practices \u2013 how should companies respond to a cyberattack?\u201d, available at: https:\/\/www.insurancebusinessmag.com\/us\/news\/cyber\/cybersecurity-best- practices--how-should-companies-respond-to-a-cyberattack-415154.aspx (accessed 20 December 2022)."},{"issue":"4","key":"key2024050504480576300_ref098","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1287\/isre.13.4.389.74","article-title":"The security of confidential numerical data in databases","volume":"13","year":"2002","journal-title":"Information Systems Research"},{"key":"key2024050504480576300_ref099","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1016\/j.futures.2013.09.001","article-title":"Organizing strategic foresight: a contextual practice of \u2018way finding\u2019","volume":"53","year":"2013","journal-title":"Futures"},{"issue":"1","key":"key2024050504480576300_ref100","doi-asserted-by":"crossref","first-page":"20","DOI":"10.5465\/amj.2007.24160882","article-title":"Persuasion with case studies","volume":"50","year":"2007","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref101","unstructured":"Spanier, G. (2015), \u201cTalkTalk suspends advertising and X Factor sponsorship for second week\u201d, available at: https:\/\/www.campaignlive.co.uk\/article\/talktalk-suspends-advertising-x-factor- sponsorship-second-week\/1370822 (accessed 17 April 2022)."},{"key":"key2024050504480576300_ref102","volume-title":"Taxonomies of Distributed Denial of Service Networks, Attacks, Tools and Countermeasures","year":"2003"},{"key":"key2024050504480576300_ref103","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1016\/j.cose.2013.03.014","article-title":"A game theoretic defence\u00a0framework against DoS\/DDoS cyber attacks","volume":"38","year":"2013","journal-title":"Computers & Security"},{"issue":"3","key":"key2024050504480576300_ref104","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1177\/0893318994007003004","article-title":"Communicating through crisis: a strategy for organizational survival","volume":"7","year":"1994","journal-title":"Management Communication Quarterly"},{"issue":"3","key":"key2024050504480576300_ref105","doi-asserted-by":"publisher","first-page":"405","DOI":"10.5465\/256007","article-title":"The stigma of bankruptcy: spoiled organizational image and its\u00a0management","volume":"30","year":"1987","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref106","unstructured":"TalkTalk Group (2015a), \u201cStatement by TalkTalk PLC on cyber attack \u2013 thursday october 22nd 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Statement-by-TalkTalk-PLC-on-Cyber-Attack---Thursday-October-22th-2015 (accessed 1 May 2022)."},{"key":"key2024050504480576300_ref107","unstructured":"TalkTalk Group (2015b), \u201cCyber attack update \u2013 saturday october 24th, 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Cyber-Attack-update---Saturday-October-24th-2015 (accessed 27 May 2022)."},{"key":"key2024050504480576300_ref108","unstructured":"TalkTalk Group (2015c), \u201cCyber attack update \u2013 monday october 26th, 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Cyber-Attack-update---Monday-October-26th-2015 (accessed 27 May 2022)."},{"key":"key2024050504480576300_ref109","unstructured":"TalkTalk Group (2015d), \u201cTalkTalk PLC responds to metropolitan police update\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/TalkTalk-PLC-responds-to-Metropolitan-Police-update (accessed 27 May 2022)."},{"key":"key2024050504480576300_ref110","unstructured":"TalkTalk Group (2015e), \u201cCyber attack update \u2013 tuesday october 27th, 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Cyber-Attack-update---Tuesday-October-27th-2015 (accessed 30 May 2022)."},{"key":"key2024050504480576300_ref111","unstructured":"TalkTalk Group (2015f), \u201cCyber attack update \u2013 friday october 30th 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Cyber-Attack-update---Friday-October-30th-2015 (accessed 30 May 2022)."},{"key":"key2024050504480576300_ref112","unstructured":"TalkTalk Group (2015g), \u201cCyber attack update \u2013 friday november 6th, 2015\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/Cyber-Attack-update---Friday-November-6th-2015 (accessed 30 May 2022)."},{"key":"key2024050504480576300_ref113","unstructured":"TalkTalk Group (2015h), \u201cTalkTalk reaffirms commitment to customers\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2015\/TalkTalk-reaffirms-commitment-to-customers (accessed 3 June 2022)."},{"key":"key2024050504480576300_ref114","unstructured":"TalkTalk Group (2015i), \u201cTalkTalk: serious about safety\u201d, available at: https:\/\/www.talktalkgroup.com\/articles\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2016\/TalkTalk--Serious-about-safety (accessed 1 May 2018)."},{"key":"key2024050504480576300_ref115","unstructured":"TalkTalk Group (2016a), \u201cAnnual report 2016\u201d, available at: https:\/\/www.talktalkgroup.com\/annualreports (accessed 6 June 2022)."},{"key":"key2024050504480576300_ref116","unstructured":"TalkTalk Group (2016b), \u201cTalkTalk supports safer internet day 2016\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/TalkTalk-Group--moved-articles-\/2016\/TalkTalk-Supports-Safer-Internet-Day-2016 (accessed 1 May 2018)."},{"key":"key2024050504480576300_ref117","unstructured":"TalkTalk Group (2016c), \u201cSharing lessons of the cyber-attack\u2014telegraph cybersecurity conference\u201d, available at: https:\/\/www.talktalkgroup.com\/article\/talktalkgroup\/2016\/New-content\/Launch- content\/Sharing-the-lessons-of-the-cyber-attack---Telegraph-Cyber-Security-Conference (accessed 5 June 2022)."},{"key":"key2024050504480576300_ref118","unstructured":"TalkTalk Group (2022a), \u201cCompany history\u201d, available at: https:\/\/www.talktalkgroup.com\/about-us\/our-history (accessed 8 May 2022)."},{"key":"key2024050504480576300_ref119","unstructured":"TalkTalk Group (2022b), \u201cAnnual report 2021\u201d, available at: https:\/\/www.talktalkgroup.com\/annualreports (accessed 5 May 2022)."},{"key":"key2024050504480576300_ref120","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","article-title":"A survey on technical threat intelligence in the age of sophisticated cyber attacks","volume":"72","year":"2018","journal-title":"Computers & Security"},{"key":"key2024050504480576300_ref121","unstructured":"Tovey, A. (2015), \u201cTalkTalk claims cyber-attack hit just 4pc of customers\u201d, available at: https:\/\/www.telegraph.co.uk\/finance\/newsbysector\/mediatechnologyandtelecoms\/telecoms\/11979032\/TalkTalk-claims-cyber-attack-hit-just-4pc-of-customers.html (accessed 1 May 2018)."},{"issue":"3","key":"key2024050504480576300_ref122","doi-asserted-by":"publisher","first-page":"740","DOI":"10.5465\/amj.2013.0483","article-title":"Managing the consequences of organizational stigmatization: identity work in a social enterprise","volume":"59","year":"2016","journal-title":"Academy of Management Journal"},{"key":"key2024050504480576300_ref123","unstructured":"Waller, P. (2015), \u201cTalkTalk suspends X Factor sponsorship as shares dive after cyber hack\u201d, available at: https:\/\/www.mirror.co.uk\/news\/business\/talktalk-suspends-x-factor-sponsorship-6711474 (accessed 8 May 2022)."},{"key":"key2024050504480576300_ref124","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101659","article-title":"A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model","volume":"89","year":"2020","journal-title":"Computers & Security"},{"issue":"6","key":"key2024050504480576300_ref125","doi-asserted-by":"publisher","first-page":"1842","DOI":"10.5465\/amj.2018.0715","article-title":"From grace to violence: stigmatizing the medical\u00a0profession in China","volume":"64","year":"2021","journal-title":"Academy of Management Journal"},{"issue":"6","key":"key2024050504480576300_ref126","doi-asserted-by":"publisher","first-page":"681","DOI":"10.1007\/s10207-017-0382-0","article-title":"A framework for estimating information security risk assessment method completeness","volume":"17","year":"2018","journal-title":"International Journal of Information Security"},{"issue":"2","key":"key2024050504480576300_ref127","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1057\/ejis.2009.12","article-title":"Behavioral and policy issues in information systems security: the insider threat","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"key2024050504480576300_ref128","doi-asserted-by":"publisher","first-page":"231","DOI":"10.5465\/amr.2008.27752771","article-title":"The stigmatization and devaluation of elites associated with corporate failures: a process model","volume":"33","year":"2008","journal-title":"Academy of Management Review"},{"issue":"6","key":"key2024050504480576300_ref129","doi-asserted-by":"publisher","DOI":"10.1016\/j.leaqua.2021.101518","article-title":"Crisis leadership: a review and future research agenda","volume":"32","year":"2021","journal-title":"The Leadership Quarterly"},{"issue":"5","key":"key2024050504480576300_ref130","doi-asserted-by":"publisher","first-page":"1079","DOI":"10.5465\/amj.2010.0608","article-title":"Managing the message: the effects of firm actions and industry spillovers on media coverage following wrongdoing","volume":"55","year":"2012","journal-title":"Academy of Management Journal"},{"issue":"10","key":"key2024050504480576300_ref131","doi-asserted-by":"publisher","first-page":"2275","DOI":"10.1111\/risa.13900","article-title":"A Bayesian framework for the analysis and optimal mitigation of cyber threats to cyber\u2010physical systems","volume":"42","year":"2022","journal-title":"Risk Analysis"},{"key":"key2024050504480576300_ref132","volume-title":"The 18 Immutable Laws of Corporate Reputation: Creating, Protecting, and Repairing Your Most Valuable Asset","year":"2004"},{"key":"key2024050504480576300_ref133","volume-title":"Gauging Public Opinion","year":"1947"},{"issue":"1","key":"key2024050504480576300_ref134","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1287\/isre.1050.0041","article-title":"The value of intrusion detection systems in information technology security architecture","volume":"16","year":"2005","journal-title":"Information Systems Research"},{"key":"key2024050504480576300_ref135","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102248","article-title":"Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic","volume":"105","year":"2021","journal-title":"Computers & Security"},{"issue":"3","key":"key2024050504480576300_ref136","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1080\/00909882.2010.490841","article-title":"Stigma management communication: a theory and agenda for applied research on how individuals manage moments of stigmatized identity","volume":"38","year":"2010","journal-title":"Journal of Applied Communication Research"},{"issue":"1","key":"key2024050504480576300_ref137","doi-asserted-by":"publisher","first-page":"194","DOI":"10.5465\/amr.2008.27752724","article-title":"Disclosure disconnects: antecedents and consequences of disclosing invisible stigmas across life domains","volume":"33","year":"2008","journal-title":"Academy of Management Review"},{"issue":"1","key":"key2024050504480576300_ref138","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1146\/annurev.psych.56.091103.070137","article-title":"Item response theory and clinical measurement","volume":"5","year":"2009","journal-title":"Annual Review of Clinical Psychology"}],"container-title":["Information Technology &amp; People"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ITP-08-2022-0589\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ITP-08-2022-0589\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:55:25Z","timestamp":1753394125000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/itp\/article\/37\/4\/1642-1673\/1234722"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,26]]},"references-count":138,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,5,26]]},"published-print":{"date-parts":[[2024,5,6]]}},"alternative-id":["10.1108\/ITP-08-2022-0589"],"URL":"https:\/\/doi.org\/10.1108\/itp-08-2022-0589","relation":{},"ISSN":["0959-3845"],"issn-type":[{"value":"0959-3845","type":"print"}],"subject":[],"published":{"date-parts":[[2023,5,26]]}}}