Confidence plummets, both internally and externally, for breached companies
The survey demonstrated that consumers hold the company directly responsible for the protection of sensitive data, and nearly half say such data breaches should be regarded as “criminally negligent” behaviour on the part of the company breached. More than half of consumers polled would specifically choose not to do business with a company or organisation that has leaked personal data, such as home address and credit card details.
“There probably isn't a single straw that broke the camel's back — it's just the sheer volume of stories about data breaches, many at companies that have developed a customer-friendly brand,” Eric Chiu, president at HyTrust, remarked about the findings. “What this poll shows is that companies are finally, and inevitably, being held to account for their security vulnerabilities. Consumers have options, and when there are endless stories about the loss of confidential information, they're going to other vendors. Every security breach clearly has a direct impact on operations, but there's now clear evidence that there's extensive brand damage as well, and the executives involved will have to pay the price.”
Meanwhile, a study published this week by Experian Data Breach Resolution and the Ponemon Institute, gave light to company executives' perspective on the matter. Spurred on by constant headlines shaming breached organisations, its not surprising that companies fully embrace the crucial need for data breach preparedness, and accordingly, three quarters of organisations report a data breach response plan in place and nearly half have increased their investment in security technology this year.
Despite these efforts, and perhaps due to the fact that almost half of all ogranisations surveyed have suffered at least one security incident this year, confidence remains low in the effectiveness of such plans, and senior executives still feel unprepared in the face of a major breach or cyberattacks.
"While more organisations have data breach preparedness on their radar and have developed a response plan, a majority of companies are not putting the support and resources behind having it truly be effective," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "A checklist response plan alone doesn't mean you're prepared. There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured, and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response."