The Aftermath of Data Breaches Reviewed

IRVINE, Calif., Jan. 25, 2012 /PRNewswire/ — Nearly everyday consumers willingly provide their personal information to organizations online with no hesitation, neglecting to realize how that information can be exposed due to employee negligence, insider maliciousness, system glitches or attacks by cyber criminals. With Data Privacy Day (Saturday, January 28) right around the corner, Experian Data Breach Resolution and the Ponemon Institute released today compelling survey findings from more than 500 IT professionals who have experienced a data breach at their company.

“The responsibility of keeping customers’ information secure cannot lie solely on the shoulders of IT; rather every executive in the organization should be aware since the reverberation of a breach will be felt by everyone,” said Ozzie Fonseca, senior director at Experian Data Breach Resolution. “Survey results show us that a data breach is often the result of human error or a crime– neither of which can be 100 percent prevented.  As such, companies must put measures in place – training, preparedness plans, guidelines, etc. — to help protect their customers’ information.”

The study yielded compelling insights, found below, into how a company assesses the cause, reacts to the breach and evaluates next steps.

  • Circumstances of a data breach – After the breach has occurred, there is an obvious immediate question – How did this happen?
    • Sixty percent of respondents say the customer data that was lost or stolen was not encrypted.
    • Examples of the types of data that companies lost included, but not limited to, email (70 percent), credit card or bank payment information (45 percent), and social security numbers (33 percent).
    •  If the organization was able to determine the cause of the breach, most often it was the negligent insider (34 percent); 19 percent say it was the outsourcing of data to a third party and 16 percent say a malicious insider was the main cause.
  • Responses to the data breach – After the breach occurred, as with any crisis, response time to all stakeholders is imperative.
    • Startlingly, only half (50 percent) of respondents felt that their organization made the best possible effort to protect customer and consumer information.
    • When it came to reducing the negative consequences of the data breach, retaining outside legal counsel (56 percent) and carefully assessing the harm to victims (50 percent) ranked the highest.
    • Despite the fact that many organizations lose the loyalty of their customers following a data breach, 64 percent of respondents say their company neglected to offer credit monitoring services and 73 percent say they don’t offer identity protection products or services such as credit monitoring and other identity theft protection measures, including fraud resolution, scans and alerts.

      For more information, visit

Leave a Reply