Experian releases Data Breach Readiness 2.0: The Customer First Data Breach Response, a whitepaper revealing the true picture of British organisations’ preparedness for the growing threat of data breach.
Drawing on insights from more than 400 senior business executives, the research reveals that:
• 34% do not have a data breach response plan in place at all
• Of the plans that do exist, a quarter do not include specialist crisis communications (23%) or legal support (27%)
• More than a third (37%) had not included or considered digital forensics
• Only one third have specific budgets set aside to deal with data breaches, in spite of 81% saying they are concerned about the financial impact of recovering from a breach
• 39% have no reporting procedures in place for lost data or devices (e.g. company laptops or phones)
• Less than half (43%) have data breach or cyber insurance policies in place.
While preparedness levels were seen to be notably higher amongst organisations that have been affected by a breach in the past, 57% go on to be affected again within just two years.
With unprecedented levels of personally identifiable information being illegally traded on the dark web, the ever-increasing sophistication of cybercrime means the potential impact on consumers, if their information is compromised, has never been greater.
4 in 10 British adults have been affected by a data breach and two thirds (64%) are concerned about falling victim in the future. Most notably, the evidence shows that consumers are less understanding, and less willing to see organisations affected by data breaches as ‘victims’. Rather, they increasingly believe that data breaches come as a result of the organisations’ own failures – failures in procedures, security and data controls.
The research findings clearly bear this out:
• 84% think companies should be penalised for compromising their customers' personal information
• 83% think companies should be subject to increased regulation to better protect customers
• 80% say their level of trust would decrease if a company lost their personal data
• 67% would advise friends and family against the organisation
• 63% say they are likely to leave an organisation if a data breach occurred.
It appears that UK organisations are failing to recognise and mitigate these risks. Fewer than half of organisations (47%) would notify customers ‘as quickly as possible’ following a data breach. Less than a quarter (21%) would offer an identity protection service to existing customers, and only one in 10 would offer a free credit monitoring service.
Amir Goshtai, Managing Director, Affinity Experian Consumer Services, commented: “The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus on minimising the impact on their customers.
“Consider that 52% of all detected fraud in the last year is now as a result of identity theft, together with the fact that already, on a single day in February 2015, there was more personally identifiable information illegally traded on the dark web than in a three-month period during 2014. Businesses in the UK are facing an uphill battle to protect themselves and their customers.”