Evaluating consumer sentiment and business response to data breaches

Study finds reputational risks from data breaches ranked alongside poor customer service, environmental incidents


  • 78 percent worry most about having their Social Security number stolen, followed by passwords and PIN number (71 percent) and credit card or bank payment information (65 percent); 
  • 24 percent say they were extremely or very concerned about becoming a victim of identity theft before having their personal information lost or stolen. Following a data breach, those concerns doubled;
  • The aftermath of a data breach can be long lasting - 48 percent of respondents noted they believe their identity is at risk for years or forever; 
  • And, worse yet, 57 percent of respondents reported they were less likely to have a relationship with a company following a breach.

For security professionals, it is clear combating consumers’ heightened concern following a breach requires an integrated, thoughtful response and actions. For many consumers surveyed, companies which offer free identity theft protection (63 percent), deliver clear communications (67 percent) that don’t “sugar coat” information and discloses all of the facts (56 percent) were top priorities for data breach resolution. Interestingly, respondents also indicated it was important for the media to report timely details about data breaches to help influence a corporate response (67 percent), generate broad awareness for potentially affected individuals (54 percent) while alerting victims to take action to protect their personal information (53 percent).

With these perspectives in mind, organizations and security professionals should be prepared to provide consumers affected by a data breach credit monitoring services while focusing on the communications that drive awareness and action for near- and long-term remediation and protection. For data breach notification letters, companies should provide a clear overview of the latest information and necessary facts available on the incident along with guidance for how consumers can protect themselves. However, with consumer interest in media’s role highlighting data breaches, companies should also evaluate which communication mediums will effectively reach their stakeholders, along with the appropriate timing, including public statements, website updates and direct emails. Using these communication channels, delivered at the right time, can provide effective ways for security professionals to reach consumers to help manage, protect and resolve a data breach incident.

Getting the response right in the heat of a data breach is easier said than done. The mega breaches that have played out publically in recent months, along with the consumer sentiment insights from this Ponemon research, show companies must ensure they react and respond to an incident by planning ahead and having a response plan in place with security and communication professionals working closely together. Data breaches will continue to be a threat for security professionals to address, but surviving the aftermath of an incident can ensure companies maintain their credibility and reduce the impact of a major incident on the bottom line.

About the Author: Michael Bruemmer, CHC, CIPP/US, is vice president of the Experian Data Breach Resolution group. A veteran with more than 25 years in the industry, Bruemmer brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services. Bruemmer currently resides on the on the Medical Identity Fraud Alliance (MIFA) Steering Committee, Ponemon Responsible Information Management (RIM) Board, the International Security Management Group (ISMG) Editorial Advisory Board and the International Association of Privacy Professionals (IAPP) Certification Advisory Board.