Best Practices for Companies Recovering from a Data Breach

Published: July 21, 2014 by Michael Bruemmer

You already know a data breach is bad news for everyone, consumers and the breached business alike. But you might be shocked to learn just how severe the reputational impact can be for businesses.

The latest Ponemon Institute survey, “The Aftermath of a Mega Data Breach: Consumer Sentiment,” conducted on behalf of Experian Data Breach Resolution, reveals how passionately consumers feel about data breaches. It’s a call to action for businesses to adopt some best practices that help consumers (and the companies themselves) recover from a data breach.

The majority of consumers believe companies should be required to provide protections to help them in recovering from a data breach. Nearly half of breach victims fear their identities will never be safe again, and – perhaps most disheartening – most of them feel that breached companies will be responsive to victims only if detailed media coverage pressures them to be, according to the Ponemon survey.

  • Compensate customers caught in the breach. Sixty-three percent of those surveyed said organizations should be obligated to provide identity theft protection in the wake of a breach, 58 percent wanted credit monitoring services and 67 percent wanted compensation such as cash, products or services. Sadly, only a quarter of respondents who’d received a breach notification letter in the past year said they were offered an identity theft protection product. Clearly, there’s a disconnect between what consumers want and what companies are doing. Offering compensation builds goodwill and can help consumers stay protected after a data breach.
  • Emphasize good communication. Across the board, survey respondents wanted better communication, including 67 percent who said they craved notification letters that explained the risks and possible harms in clear, easy-to-understand verbiage. From the initial contact of the data breach notification letter throughout the process of recovering from a data breach, communicate as proactively and transparently as possible.
  • Focus on customer retention. While most survey respondents said they didn’t terminate their business relationship with the breached company, they stayed not because they were happy with how the company handled the breach but largely because it was too much trouble to go elsewhere. Of those who did leave, more than half said nothing the company could have done would have convinced them to stay. But nearly all of the other half who left said a sincere and personal apology would have been enough to keep them. In addition, 41 percent would have stayed had they been offered identity and credit monitoring. Clearly, customers feel under-valued when they’re recovering from a data breach. Emphasize retention tactics, such as compensation, enhanced communication and appreciation products or services.

Finally, be sure your data breach recovery plan is vibrant and ready. These best practices can help ensure that both consumers and breached companies have optimum success in recovering from a data breach. To learn more about the potential impact of a data breach and how consumers feel about it, download the full survey.