In the wake of what can only be described as mega breaches at major companies over the past year, it should come as no surprise that data security is top of mind for policymakers, consumers and businesses. As security executives are aware, not a week or two goes by without hearing of another major data breach incident causing reputational damage and business disruption for the affected organizations.
However, what is less known is how consumers feel about data breaches and if heightened awareness has led to changes in their brand engagement or actions. Consumers should always be the North Star for companies responding to a data breach, and by better understanding their actions, feelings and behaviors, security professionals will have critical information and insights that can help their organizations better manage the data breach response process.
To better understand consumer sentiment, Experian Data Breach Resolution commissioned a report, “Aftermath of a Mega Data Breach: Consumer Sentiment,” with the Ponemon Institute, which studies cybersecurity and data protection. The survey revealed data breaches as one of the top three incidents that can affect a business’ reputation, ranked alongside poor customer service and environmental incidents. The reputational risk of a data breach was also listed ahead of publicized lawsuits, government fines and labor or union disputes in terms of impact on an organization, according to the study. Using these report findings, companies - and the security professionals assigned to protect customer data - can learn valuable lessons for how they should approach their response to a data breach incident and help maintain consumer trust.
Amidst Breaches, Consumers Send Mixed Signals
Overall, the Ponemon research found the increase in data breach notifications and related media coverage has caused consumers to become more apathetic. The increase in consumer notification was profound when compared to the results of another study (“Consumer Study on Data Breach Notification”) published just two years ago. The number of consumers who reportedly received a data breach notification doubled in 2013, and of that group, 62 percent said they received multiple data breach notifications involving separate incidents. But, rather than taking action to protect themselves after a data breach, consumers are giving less attention to the severity of being affected and the importance of following recommended remediation directions. This phenomenon, which has been coined “data breach fatigue,” leads some consumers to not reset passwords or accounts that may have been compromised, failing to be extra vigilant in watching for targeted phishing attacks or not taking advantage of credit monitoring products provided by the affected company.
As consumers continue to be inundated with information about data breaches, it will be important for security professionals to work with their organizations to break through the notification clutter with relevant background which provides concise direction and guidance for customers to remedy and protect personal information. Without driving data breach awareness and resulting actions to protect data, if affected customers do end up experiencing fraudulent activity, the experience has proven time and again to negatively impact a consumer’s relationship with the breached company.
Heightened Consumer Concern
Despite data breach fatigue and more frequent inaction, a majority of consumers in the Ponemon research did indicate significant concerns over data breaches and identity theft – even if they have yet to be affected by such an incident. These near- and long-term perceptions and concerns can and will result in a loss of consumer confidence in the organization, harming brand reputation and ultimately affecting the bottom line. The top consumer concerns for data breaches and identity theft, as highlighted by the research, include: