We regret to inform you that we will no longer be publishing Information Management. It has been an honor to provide you with the insights and connections to move your career forward. We wish you continued success on your professional journey and welcome you to explore our other titles at www.arizent.com/brands.

Prompt notification would ease pain of data breaches, survey reveals

Consumers may be willing to forgive a company that’s suffered a data breach, but only if they receive timely notification about the breach, according to a recent survey by Experian.

The credit bureau said that 93% of consumers responding to its survey expected to hear from a bank within three days of a data breach occurring, and the vast majority (83%) expected to hear from a financial institution within 24 hours.

When asked how they would respond to slow or ineffective communication following a data breach, 66% said they would stop doing business with the company and 45% said they would tell their friends and family to do the same.

Ninety percent of the survey respondents said they would be at least somewhat more forgiving of a company if they knew it had a prior plan in place for communicating following a data breach.

Experian hired the consulting firm KRC Research to conduct the survey. It was fielded online in July this year with a little more than 1,000 U.S. adults responding.

Capital One recently suffered a data breach that compromised the data of roughly 100 million people — including as many as 140,000 consumers’ Social Security numbers and 80,000 linked bank accounts. In 2017, the credit bureau Equifax was hit with a data breach that exposed around 147 consumers’ personal information. Target, Home Depot, TJ Maxx and other retailers have also suffered high-profile data breaches in recent years.

Experian’s findings, issued this week, also suggest that financial services companies may take a greater blow to their reputation if they bungle the response to a major data breach.

Survey respondents consistently held financial services companies to a higher standard than they did health care organizations, government agencies or retailers. Three-quarters of respondents said they expected a government agency to notify them within 24 hours of a breach, 73% said as much for health care organizations, and just 61% held retailers to that standard — all lower than the 83% who expected banks to do so.

For reprint and licensing requests for this article, click here.