Data breaches affecting consumers are usually big news, but often the focus is on the short-term impact on privacy and immediate financial exposure of all involved. However, a recent study released by FireEye, Inc. found that security breaches also affect how consumers perceive and trust brands, and may have a longer term impact.
According to the study of 6,500 consumers worldwide across many demographics, two-thirds of respondents expect to be informed immediately if a data breach occurs, while not quite half – 46 per cent – report that they have a full awareness and understanding of the potential impact that a data breach can have. In addition, one-quarter of respondents believe their data would be less secure with an organization that has been breached compared to an alternative supplier, while 36 per cent say their perception of breached organizations has diminished, and a third now feel more negatively about organizations in general as a result.
FireEye SVP and CTO Grady Summers said the results confirmed what the company already knew: consumers trust brands less after a data breach. But more importantly, they are less likely to share information in the future, a stat that jumped out, he said, as so many companies rely on data for marketing and consumer targeting. “I think it might have longer term consequences than they realize.”
The study lays out what consumers say they would do in the event a brand they use regularly had a data breach, but it’s not certain they will necessarily follow through. Summers said it’s unlikely that a consumer will drive 15 minutes further rather than shop where it’s most convenient.
Consumers do have high expectations around data breach notification, the study found, as 90 per cent expected to be informed within 24 hours, which Summers noted isn’t all that reasonable, given how complex these breaches are and what goes on behind the scenes.
What struck Summers as interesting what that just over half consumers cite security as being important when making purchasing decision, so investing in security is more than downside mitigation for companies, but also a way to improve how their brand is perceived in the eyes of consumers, some of whom may be will to pay a little more for peace of mind.
He said the survey results are leverage for IT organizations making the arguments for investment in security technology and staff. “Hopefully it will help security organizations to take it beyond an IT discussion and bring it to the board level.”