With the right response, consumer trust in an organization can be maintained following a data breach.Getty Images
It’s a fact of modern life: Data breaches happen. How businesses respond to a breach is what matters to consumers.
That’s a key finding of the new Canadian Breach Response Report by TELUS, in partnership with global market intelligence firm, IDC. The study reveals Canadian consumers understand that data breaches are a part of life, with more than three-quarters of respondents saying their trust would not be irreparably damaged by an incident. In fact, 77 per cent have accepted the fact that security breaches will happen, and that they can be managed. Organizations have an opportunity to build trust through transparent data practices and meaningful responses.
“For organizations, being open and transparent about a breach can be a way to mitigate damage, win back customers’ trust and, I would argue, even grow it,” says Leigh Tynan, director, TELUS Online Security. “While a breach is unfortunate, 60 per cent of the consumers we surveyed agreed that the maintenance of their trust in an organization is conditional upon the way it manages a security incident. This points to an opportunity for businesses to strengthen their relationships with customers and grow loyalty based on how they respond to a breach.”
An initial cyberattack is often about collecting data. What many people don’t realize is the criminals who initially steal the data are not always the same ones who use it for fraud purposes, meaning there may be some lag time between a breach and subsequent identity theft. By notifying customers of a breach, organizations can help them take action and regain control of their information before it’s used against them.
Notification in a timely, transparent manner is the first step toward consumer remediation, or the corrective actions taken by an organization following a data breach. “For consumers, being notified about a breach is important as it enables them to take the steps needed to safeguard themselves against threats such as identity theft,” says Tynan. “It’s about education, not fear, and the more a business or individual can arm themselves with the right information, the more they’ll know what to do if it happens to them.”
Many organizations are still not prepared to properly respond to a cyberattack. According to the TELUS report, among the Canadian businesses that have suffered a data breach, 16 per cent do not have an incident response plan in place. That figure jumps to 34 per cent among businesses that have not yet experienced a breach.
Similar to a fire drill, response plans should be prepared in advance, regularly updated, and practiced to ensure everyone knows their roles and the order in which tasks should be executed. Implementing response plans can also help foster a security-conscious culture in the workplace – one drill at a time.
“You can have a plan, but if that plan sits in a binder, you are not ready,” explains Tynan. “When a breach occurs, emotions like stress, anxiety and fear come into play.”
Beyond having an internal response plan in place, organizations must be prepared to help employees and customers through the after-effects of an attack, including remediation. The survey found more organizations have an internal communications plan than an external one (71 per cent versus 52 per cent), and only 44 per cent have a media management plan.
Fewer than one in three organizations (31 per cent) include employee remediation in their incident response plan, while only 37 per cent include customer remediation – a troubling statistic as most consumers expect organizations to minimize the adverse impacts of a data breach.
When consumers were asked which remediation features are most important to them, the three top responses were reimbursement coverage for identity theft (64 per cent), bank and credit card activity alerts (63 per cent), and restoration support (53 per cent).
“Consumer remediation should go beyond credit monitoring because that is just not enough anymore,” says Tynan.
Offering remediation services may also be great for future business, as 40 per cent of survey respondents said their perception of the company improved, and 24 per cent increased their usage of the company’s products, after being offered remediation services. In addition, 79 per cent of consumers said they expect this kind of support if an organization experiences a breach that leads to their data being stolen.
“We’re encouraging organizations to act swiftly and transparently to support their customers and employees following a data breach,” says Tynan. “Staying silent is no longer an option.”
To learn more about remediation services and to download the Canadian Breach Response Report by TELUS, visit telus.com/Guardian.
Advertising feature produced by Globe Content Studio with TELUS. The Globe’s editorial department was not involved.