As companies fight to stop data breaches, individuals are feeling the impact of IT security incidents. And many victims will choose to take their business elsewhere.
Breaches are widespread and dangerous for individuals. In 2012, 16 million Americans were notified by an organization of a data breach that may have compromised their personal information, according to a recent report published by Javelin Strategy & Research and Identity Finder.
And among those individuals, around 25% found themselves to be the victims of identity theft.
Data breaches can be expensive for companies. The total costs often include the IT resources and staff time necessary to assess and fix the incident, as well as legal costs, reputation damage and lost business.
Customers leave after breaches
Increasingly, it’s the loss of current and potential customers that’s becoming one of the biggest long-term costs of cyber security incidents.
Many customers say they would change businesses if their data was compromised in a breach, according to a recent poll from Cintas. And all types of organizations are subject to the threat:
- 55% of survey respondents said they would change banks if their personal information was breached
- 46% would switch insurance companies
- 42% would change drug stores and pharmacies
- 40% would get a new doctor or dentist
- 39% would get a new lawyer
- 38% would stop donating to a charity or other non-profit organization
- 35% would go to a different hospital, and
- 24% would no longer donate to an educational institution they attended.
What it means for IT: When struggling to get more funding for security efforts, it may help to point to those numbers to show that bad security is bad for business.
Know how to respond
Thanks to lost business, as well as all of the other expenses involved, data breaches cost the U.S. economy an estimated $100 billion every year, according to a study from the Center for Strategic & International Studies.
Unfortunately, the rate of cyber attacks doesn’t seem to be slowing down. So what can companies do to protect their data — and their bottom lines?
Of course, stopping breaches is critical, and there is a lot that companies can be doing to prevent some incidents from occurring. That includes investing in the right security tools, as well as training employees on how to avoid attacks that target end users.
However, when it comes to reducing the long-term impacts of data breaches, it’s just as important to properly handle the breaches that will inevitably occur.
Obviously, no company wants its customers’ data to be stolen. But planning ahead for when it happens will go a long way toward protecting the business’s reputation, easing customers’ fears and helping them avoid financial harm.
Here are some tips for the best ways to notify customers after a breach occurs:
1. Provide all the facts
People care about the security of their personal information, and when it’s at risk, they want all relevant information. However, in a Ponemon Institute survey from last year, 58% of people said the notification they received did not include all the facts and “sugar coated” the message.
2. Be clear
Just 48% of people said the breach notifications they’ve received were easy to understand. In addition, 62% said they were too long and poorly written, and 53% said they contained too much legal language. It’s important to not only present all the facts, but also do so in a way the average person can comprehend.
3. Let people know what your organization is doing
When asked what key facts were missing from breach notifications, 51% of respondents said they weren’t told about the protections that were being provided to protect victims from financial damage. Offering that information will let victims know the company cares about the dangers they face.
4. Explain the risks and offer advice
Another 25% said they weren’t given information about what steps they should be taking to protect themselves. Explaining the risks people should prepare for and telling them what they can do will help reduce fear and confusion.
5. Offer financial help
Most people believe a data breach will make it likely that they will be the victim of identity theft. Therefore, the majority expect some kind of reimbursement, with 63% saying they should get cash or free products or services. While that may not be realistic, 56% said organizations should offer credit monitoring services to breach victims, which is a step many experts recommend.