Data Breaches Damage Confidence, Impacting Business

MBA (6/26/2008 ) Palaparty, Vijay
Data breaches significantly damage consumer confidence and negatively impact business relationships, according to a study from Javelin Strategy & Research, Pleasanton, Calif.
More than 50 percent of breach victims reported diminished trust with the breached organization’s ability to protect their information, while 30 percent of victims said they would never do business with the breached organization again.

“With consumers revealing tarnished confidence and impacted relationships with breached organizations, organizations have more to worry about than patching security holes with IT investments and upgrades,” said James Van Dyke, president of Javelin and author of the report, Consumer Survey on Data Breach Notification. “Data loss incidents severely hamper consumer trust, resulting in serious implications for customer loyalty and reputation.”

Nearly 40 percent of victims said that although they continue to maintain a relationship with the organization, they use its services less. Furthermore, 29 percent said they would not maintain any kind of relationship with the organization in the future.

More than half of consumers who experienced security breach expressed diminished confidence in the breached organization’s ability to protect and manage their personal data. When consumer confidence is shaken, it weakens relationships with the affected organization, the report said.

The report said effective measures that organizations should take include contacting the consumer, creating an audit trail that law enforcement could use, preserving the consumer’s privacy and proving to the consumer that it works. Fifty-six percent of data breach victims desired a solution that prevents fraud instead of detection or resolution-oriented measures.

“Providing a fraud protection solution makes a tremendous difference in customer approval of the breached organization’s management and handling of the incident,” Van Dyke said. “Fifty-five percent of breach victims that were offered a fraud protection solution were more satisfied with the organization’s handling of the incident, compared to those consumers who were not offered anything.”

The report said that fraud prevention's purpose is to avert new account fraud before it occurs—a preventative measure that avoids losses to both organizations and consumers.

"With the exposure of highly sensitive information such as Social Security numbers, breached organizations are expected to go beyond basic notification protocols and demonstrate proof of steps being taken to ameliorate the situation," Van Dyke said.

Javelin recommended that companies research different fraud prevention services and to understand how they play a role in prevention, detection and resolution. It also suggested engaging in a method that would be convenient for the breach victim—in terms of enrollment and use—and to understand the impact of preventing new account fraud.

“Understand that offering a breach solution is a best practice from a customer service standpoint; in other words, do not create a situation in which your customers and/or employees have to request fraud protection assistance,” Van Dyke said. “Take a proactive approach by offering the assistance up front.”