Data Breach Fatigue– Fallacy or Reality?

By Michael Bruemmer, Vice President, Experian Data Breach Resolution

Michael Bruemmer 2016

It’s certainly hard to miss the increased volume of data breaches and security incidents that take place in today’s business environment. In fact, data breaches have reallybecome the norm in our society.Asthey continue to make headlines, the public and businesses alike are not nearly as surprised or alarmed by them as they once were. Unfortunately this reality has left many companies complacent when it comes to preparing for data breaches, as they believe consumers suffer from “data breach fatigue” and no longer care if their personal information is compromised.

While it is true that data breaches have become somewhat of the norm, this does not mean that consumers do not care about their information being exposed, or that they will not take action against companies as a result of a breach. In fact, a recent Experian survey showed that one in five consumers stopped doing business with the company that compromised their information after a breach. That’s a lot of customers – and revenue – that companies should undoubtedly be concerned about.

Additionally, falling for the data breach fatigue fallacy ultimately harms not only a company’s revenue, but also their reputation. In a world where the question of “if”a company will experience a breach has really becomemore a matter of “when,”companies need to be even more proactive in preparing for a breachin order to mitigate thenegative monetary and reputational effects on their business.

The good news is that there are ways companies can avoid falling for the fallacy of data breach fatigue,and instead successfullyprepare for, and handle a breach. Here are a few simple steps companies can take to ensure they are prepared the day their company experiences a security incident.

Communication is Key

When a breach occurs, response time is paramount. Notification letters should be sent to impacted customers as soon as possibleand include clear communication regarding the breach. In addition, the letter should include a sincere apology, and outline next steps for those whose personal information was compromised.

Outside of notification letters, companies need to look for additional ways of keeping the lines of communication open with their customers post-incident. Call centers for example, can be extremely valuable as they allow customers to instantly have their questions answered and provide customers with personal assistance when it comes to signing up for identity theft protection services. The personal touch of a live agent can really go a long way in re-establishing trust with customers as well.

Furthermore, adding a specific webpage to a company website that is focused solelyon the breach, answering all the FAQs and providing contact information can also be extremelybeneficial. These microsites allow companies to provide consumers up-to-the-minute information on the breach and what is being done, which can provideconsumers with the reassurance that a company is being transparent.

Provide remedies and protections to those affected

Currently laws and mandates for data breach responses vary widely from state to state, especiallyin terms ofwhen identity theft protection services are mandated for compromised consumers. That said, the reality in today’s market is that consumers simply expect it. In fact 63 percent of consumers believe organizations should be obligated to provide identity theft protection in the event of a data breach.

Offering customers credit monitoring and identity theft protection services post-breach will provide consumer’ssome piece of mind as they will be alerted to possible signs of identity theft and fraud post-breach. Further the impact identity theft monitoring can have on a businesses’ relationships with its customers is invaluable. Providing these remedies and protections to consumers will help to mitigate their negative feelings towards a company and can be a large step in repairing the relationship damage incurred by a breach.

The bottom line is that companies need to be proactive when it comes to data breaches, and not allow themselves to be taken by the fatigue fallacy. Consumers care if their information is compromised and they will act on it, especially if the breach is not handled correctly. Companies need to make data breach preparedness and response a top priority for their business and work to ensure each and every employee understands howbreaches can occur, and what to do if onedoes indeed take place.

More information on data breach preparedness and resources can be found at the Experian Data Breach Resolution website and the Experian Data Breach Resolution blog.