Do you know what your customers are thinking? When it comes to data breach response, there could be a chance you are not on the same page

Any company, small or large, depends on its customers for business – and therefore success. They’re the lifeblood. And yet, our research has revealed that in the event of a crisis, specifically a data breach, businesses can become introspective and (unintentionally) put their interests ahead of their customers.

Our findings (from our ComRes survey of businesses of all sizes in the UK) have revealed a paradigm when it comes to data breach response plans: having one in place doesn’t mean customers are safeguarded. What’s more, the way in which organisations are prioritising their customers following a breach is completely at odds with customer expectations.

video-jimHere are just some examples of where customers’ expectations and business are misaligned in the event of a breach:

  • 52% customers surveyed say they expect to be contacted in under 12 hours
  • 20% businesses would contact customers in under 12 hours
  • 44% customers would request financial compensation
  • 17% businesses would offer compensation

On a practical level, our research has shown huge differences in customer perceptions and business behaviours. The pertinent question here is: why? Putting a plan in place is essential, but ensuring it has all the relevant components is critical. Ultimately, if the detail is in the plan the organisation will have the ability to react and stand some chance of reducing the impact on its critical services, whilst prioritising its customers.

However, our research has also unearthed some stark statistics that show that ‘customer first’ needs to be more than just a mantra for businesses. 69% of customers questioned say they would be discouraged from using an organisation’s services if their personal details had been stolen, while 48% would stop using the company altogether. The question is: can businesses afford to lose a huge proportion of their customer base instantaneously?

Through years of experience, we believe that a huge amount of importance needs to be placed on how the customer is treated in the event of a data breach. And the key to handling this is in the preparation detail. If businesses engage more in ‘what if’ scenarios, customers can be better protected and reassured.

Here are some poignant questions businesses should ask themselves:

  • Do you have up-to-date emails, phone numbers and addresses for your customers?
  • Do you know how to craft a notification letter and what to include in it, in the event of a breach?
  • Can you then translate this letter into different languages?
  • And can you manage to reach a large number of people quickly – and convey a clear and concise message?

If the answer is no to any of the above, the key question to consider are you putting your customers – and therefore your business at risk. Our research has revealed being kept in the loop is a top priority for customers. Organisations must consider the potential reputational damage they could suffer if they don’t put their customers first in the event of a data breach.

Find out more about how Experian help organisations put readiness plans in place so they can know, prepare and recover with confidence in the event of a data breach.

Read our whitepaper: Readiness vs The Reality



ComRes interviewed 200 Business IT decision-makers in Great Britain (Online) between 9th – 16th January 2017. Respondents were surveyed across a variety of sectors and business sizes, ensuring good representation from all business types. All were screened to ensure they were involved in or aware of data breach management at their organisation, and all organisations had to be responsible for at least 100 Personally Identifiable Information (PII) records. Given the subject of the survey, respondents in the IT and Financial sectors are over-represented. ComRes also conducted similar research in 2016 with SMEs.


ComRes interviewed 2,001 British adults online between 13th and 15th January 2017. Data was weighted by age, gender, region and social grade to be representative of all British adults aged 18+. ComRes also conducted similar research among British adults in 2016 and 2015. ComRes is a member of the British Polling Council and abides by its rules. Data tables are available on the ComRes website, Unless otherwise stated, all statistical references within this paper relate to ComRes research. To review the tables and full set of research visit: