
Data breach survey

by Mark Rowe

A credit checking services company has released Data Breach Readiness 2.0: The Customer First Data Breach Response. It’s a white paper from Experian on British organisations’ preparedness for what the firm terms the growing threat of data breach. Drawing on more than 400 senior business executives, the research found that:

34 per cent do not have a data breach response plan in place at all
Of those that do, a quarter of these plans do not include specialist crisis communications (23pc) or legal support (27pc)
More than a third (37pc) had not included or considered digital forensics
Only one third have specific budgets set aside to deal with data breaches, in spite of 81pc saying they are concerned about the financial impact of recovering from a breach; and
39pc have no reporting procedures in place for lost data or devices (eg, company laptops or phones)

Less than half (43pc) have data breach or cyber insurance policies in place

While preparedness levels were seen to be notably higher among organisations that have been affected by a breach in the past, 57% go on to be affected again within just two years. With what the firm calls unprecedented levels of personally identifiable information being illegally traded online, the ever-increasing sophistication of cyber-crime means the potential impact on consumers, if their information is compromised, has never been greater, it’s claimed.

Four in ten British adults have been affected by a data breach and two thirds (64pc) are concerned about falling victim. Most notably, the evidence shows that consumers are less understanding, and less willing to see organisations affected by data breaches as ‘victims’. Rather, they increasingly believe that data breaches come as a result of the organisations’ own failures – failures in procedures, security and data controls.

The research findings, the company adds, bear this out:

84pc think companies should be penalised for compromising their customers’ personal information
83pc think companies should be subject to increased regulation to better protect customers
80pc say their level of trust would decrease if a company lost their personal data
67pc would advise friends and family against the organisation
63pc say they are likely to leave an organisation if a data breach occurred

Less than half of organisations (47pc) would notify customers ‘as quickly as possible’ following a data breach. Less than a quarter (21pc) would offer an identity protection service to existing customers, and only one in ten would offer a free credit monitoring service.

Amir Goshtai, Managing Director, Affinity Experian Consumer Services, said: “The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus on minimising the impact on their customers.”

The organisations most equipped to withstand the impacts of a data breach will take a proactive, integrated approach with detailed response plans that:

Focus first on those affected, recognising that this is where all other impacts ultimately will flow from: customers, the wider public, the media and regulators
Identify response teams, roles, responsibilities and lines of communication
Draw support and direct involvement at the highest level of the business
Identify and put in place master agreements with specialist suppliers – outside legal counsel, insurance, digital forensics, consumer support, credit monitoring, and crisis communications
Incorporate specific plans for each discipline: a digital forensics response plan, a crisis communications plan, a consumer outreach plan and so on
Mandate regular testing and scenario planning to ensure plans are relevant and cover all possible outcomes

Download: Data Breach Readiness 2.0: The Customer First Data Breach Response at www.experian.co.uk/data-breach-readiness

Research methodology:

The 400 senior business executives were experts from the legal, insurance, digital forensics and crisis communications disciplines, and the survey was complemented by consumer research. The report reveals that 17% of medium / large businesses in the UK have suffered at least one breach in the last two years. However, perhaps of greater concern, the findings strongly indicate a misplaced confidence among UK organisations when it comes to preparedness to properly manage, and recover from, a data breach.

79% of executives interviewed believe their organisation is prepared to respond and 81% believe the organisation understands what needs to be done following a data breach to maintain customers’ and business partners’ trust.

ComRes interviewed 400 medium and large UK businesses online between December 22, 2014 and January 3, 2015. All respondents were screened and had involvement or knowledge of their company’s data breach policy. ComRes interviewed 2,056 GB adults online between January 9 and 11, 2015. Data were weighted to be representative of all GB adults aged 18-plus.

Visit: http://www.experianplc.com.

© 2024 Professional Security Magazine. All rights reserved.