While 25 per cent of respondents said they were notified by letter of a data breach – up from 12 per cent seven years ago – this shows that consumers are still at the end of the food chain when it comes to being informed about their data.
“This really is an unsatisfactory state of affairs. If a company I had shopped with had suffered a data breach and lost my data, I’d really want to know what had happened – and what the firm was doing to protect my interests. Many of the 72 per cent of consumers who had been informed - but were dissatisfied – are almost certain to be shopping elsewhere in future,” he said.
“As well as telling us that consumers are being more informed about the need for data protection – and will vote with their feet if the company fails to meet its clear obligations in keeping customers informed – I would argue that firms need to do all in their power to prevent a breach from taking place in the first place, or lose their customers as a result,” he added.
It's interesting to note that the increase in advisory letters is probably due to the statutory requirements imposed on companies by 47 states in the US to notify when personal information has been lost or stolen.
As officials with Experian state, it is important for companies to do everything possible to safeguard consumer data, it's just as important to communicate effectively in the event of a breach, he says.
Since the consequences of a data breach are potentially so profound - and may involve the loss of a sizeable proportion of your customer base– that preventing a data breach from happening in the first place should take absolute priority.
Gibson explained that all organizations should regularly review the way they protect their customer data, especially as the amounts of unstructured data (80% in most organizations) continue to grow. Unstructured data is especially difficult to audit and track using conventional IT security systems.
“Only by reviewing their levels of protection can companies hope to understand the problems that unstructured data now poses them in these times of rising levels of governance and data protection requirements,” he said.
“This report – which serves to highlight the potential loss of customers that a data breach will result in – will hopefully act as a wake-up call to any company which has customer data. A data loss and regulatory fine is bad enough, but potentially losing a sizeable number of your existing customers as well shows that failing to protect customer data is a disaster just waiting to happen,” he added.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.