UK commerce and industry appear to have a misplaced confidence when it comes to readiness to tackle data breaches, it has emerged.
Our research shows nearly one in five businesses (17%) have been hit by at least one data breach within the past two years – leaving millions of consumers exposed to the risk of fraud and ID theft.
Around four out of five (79%) executives we interviewed believe their organisation is ready to respond to a data breach, while a similar number (81%) believe their business understands what needs to be done to safeguard their customers’ and business partners’ trust.
But the numbers speak for themselves, and their over-confidence flies in the face of the facts.
Our findings reveal:
• More than one in three (34%) don’t even have a data breach response plan in place at all.
• Of those that do, only a quarter of the plans have specialist crisis communications (23%) or legal (27%) support lined up.
• More than a third (37%) hadn’t even considered the use of digital forensics.
• Only a third have specific budgets set aside to deal with data breaches – despite overwhelming (81%) concern at the financial impact of a breach.
• Nearly two out of five respondents (39%) have no reporting procedures in place for lost data or devices.
• Less than half (43%) have put data breach or cyber insurance policies in place.
• Although the level of readiness was notably higher among those organisations that have fallen foul of a breach in the past, more than half (57%) still went on to be hit again within two years.
Safeguarding your customers
As a matter of perspective, more than 110 million pieces of personally identifiable information were illegally traded on the dark web in 2014 alone.
And in all likelihood things will get worse before they get better. The ever-increasing sophistication of cybercrime means the likely impact of a data breach on your customers has never been greater.
If you lose your customers’ data, they will take it personally and they are likely to pin the blame on you – running the risk of you losing business and trust, leading to poor consumer confidence and a tainted reputation.
Pointing the finger of blame
As it stands, two out of five (40%) British adults have already been affected by a data breach and two thirds (64%) are concerned about falling victim in the future.
But crucially, it’s clear we’re an unforgiving lot and less understanding or willing to see organisations affected by data breaches as ‘victims’.
Instead, public perception is that data breaches are a result of an organisation’s own failures – failures in procedures, security and data controls. It’s a sentiment our research clearly bears out.
Consumers take your cyber-security personally
• More than four out of five (84%) believe companies should be penalised for compromising their customers’ personal information.
• More than four out of five (83%) think companies should be subject to increased regulation to better protect customers.
• Four out of five (80%) say their level of trust would decrease if a company lost their personal data.
• Around two out of three (67%) would brief friends and family against the organisation.
• Around two out of three (63%) say they are likely to leave an organisation if a data breach occurred.
But many UK organisations fail to recognise the risks or take action
• Less than half of businesses we polled (47%) say they would notify customers ‘as quickly as possible’ following a data breach.
• Only around one in five (21%) would offer an identity protection service to help safeguard existing customers.
• And only one in 10 would offer a free credit monitoring service.
At the heart of any plan must be an unwavering focus on minimising the impact of any losses on customers.
But it’s a reputational and financial win-win for those companies that do actively take steps to safeguard their customers. The investment will be worth every penny. To find out how, read our paper Data Breach Readiness 2.0: The Customer First Data Breach Response.