When a data breach occurs, the monetary costs can be horrific for the affected company. The Target cyberattack cost the retailer more than $17 million, the Washington Post reported. The breach of health insurance company Anthem earlier this year is already running cost estimates in excess of $100 million. Yet even when the monetary costs are incredibly high, they’re not the most damaging effects of a data breach. The loss of consumer confidence can be even more devastating.
Being caught up in a data breach undermines consumers’ confidence in their future financial well-being, as well as their opinion of the breached company, Experian research shows. Following a data breach, 45 percent of affected consumers said they were extremely worried about becoming victims of identity theft, and 48 percent said their identities would remain at risk for years or even forever, according to the report “The Aftermath of a Mega Data Breach: Consumer Sentiment by the Ponemon Institute.
A survey of retail customers by Retail Perceptions found that after a data breach, 12 percent of retail customers said they would stop shopping at the affected retailer. Additionally, 79 percent of those who would continue the relationship would never again use credit or debit cards to make purchases there, and 26 would spend less with the retailer. In a survey of nearly 2,000 American consumers, software buying consultancy Software Advice found that nearly 50 percent said that if their personal information were compromised in a data breach, there is nothing a breached company could do to win back their confidence.
As daunting as this information may seem, there is good news. Perhaps unsurprisingly, companies that respond well to a data breach fare better in terms of consumer sentiment than those who fumble their response.
Among the Retail Perceptions survey respondents, 22 percent said that as long as the retailer resolved the security issue that caused the breach, they would be comfortable returning there to shop. More than half (52 percent) also said they would be willing to enroll in a loyalty program if the security issues had been resolved. A third of those surveyed by Software Advice said that if a company increased its cyber security spending, their confidence in the company would also improve. And 45 percent of those surveyed by Ponemon said they continued to do business with the breached company because they felt it had resolved the data breach to their satisfaction.
So how should companies respond to a data breach? Our Ponemon research indicates that the key points for consumers are those which a company really needs to start working on before a breach ever occurs. Consumers stressed the need for clear communication and a well-managed response. Sixty-three percent wanted free identity theft protection, 67 percent wanted clear communications that didn’t “sugar coat” information, and 56 percent wanted full disclosure of all the facts.
When a breach happens, even the most efficient, agile organization will be hard-pressed to meet those expectations unless they have prepared in advance. The first step toward retaining or regaining consumer confidence in the wake of a data breach needs to occur before a cyberattack does. A well-formulated, comprehensive and effective data breach response plan can be the difference between devastating reputational costs and a successful rebuilding of consumer trust.