Cyber Security Institute


Wednesday, October 01, 2008

How to Minimize the Impact of a Data Breach

Thirty-one percent of customers, nearly one-third of a company’s client base and revenue source, are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute.  When it comes to a data breach, companies are making some major mistakes and as a result, customers are beating the street, potentially paving a pathway for your fiercest competitor.  The good news is you can prevent it and avoid the costly impact of a breach: first, by putting a proactive plan in place and second, by adopting tactics that maximize retention.  Last year alone saw the exposure of nearly 128 million personal records.

With the Computer Security Institute reporting that 46 percent of computer security professionals have had security incidents in the past year, 26 percent of whom have had more than 10, you begin to see the magnitude of the problem.

Sixty-five percent of this cost is the direct result of lost business, including customer termination, a rate that is increasing by 30 percent a year.

All this amounts to an unpleasant picture, one where current practices in breach response are falling short in keeping your customers, and therefore revenue, within your company.

Legal obligation vs. Customer satisfaction

Recent research by the Ponemon Institute, the Consumers’ Report Card on Data Breach Notification, has provided some of the most useful information to date to help organizations determine the most effective techniques to minimize the impact of a breach and to retain customers.  Large delays in notification signal to your customers that you are hiding something and/or that they are not important to you, even though it realistically takes time to assess the impact of a breach.  Although it may not be possible to notify customers within a week, or even several weeks following a breach, your goal should be to notify them as soon as possible, with whatever information you can reasonably divulge at that time.

Do they have to close their credit card accounts?  Many respondents in the Ponemon study found communications to be unbelievable or misleading, failing to reduce their fears about potential harms they faced because of a breach.  Although you are the bearer of bad news, you also have the opportunity to be the bearer of solutions.  Lay out for your customers the “next steps” they can or need to take after they are notified.  Include information, phone numbers and Web sites on freezing credit files, getting free credit reports and other tips customers might want to know and follow.

At little or no cost to your organization, acting as an educator will not only help your customers recover from the incident but also maintain your organization as a trusted source.

Offering identity protection services has proven to have a positive effect on customer retention, and in many cases, offering such services is more affordable than new customer acquisition strategies.  Individuals who receive free or subsidized services, such as credit monitoring, identity theft insurance or identity recovery services, feel less concerned and worried about the breach after it happens.

Posted on 10/01