What Businesses Can Do About Data Breach Fatigue to Protect Consumers

Technology and the internet have become vital parts of our daily lives. This new industrial revolution has led to mass adoption on a global scale, but unfortunately, it has also led to an increase in cyber crime.

Cyber criminals are using the internet to steal people’s identities and other intellectual property. The number of data breaches continue to reach record levels, and there are no signs of it slowing down. In fact, it’s happening so often that both companies and consumers are starting to grow numb to the threat of losing their data.

According to a joint research from Iowa State University and the University of Texas San Antonio, this is a phenomenon that’s referred to as data breach fatigue.Because it’s become such a common occurrence, consumers are starting to feel indifferent about cyber crime. Even if it means their own data is at stake.

People are realizing, unfortunately, that data theft is inevitable. That if their information is already in the hands of hackers, there’s no point in putting in extra effort to protect themselves. For businesses, this may seem like a good thing because it could potentially minimize the pain for consumers when they get informed that their data was lost. If they view breaches as a “normal thing”, then they shouldn’t be upset… right?

Well, not exactly.

The thing is, because data breaches have become so routine, businesses have gotten complacent with their notification processes. When a breach happens (and they happen often), some companies have taken a lackluster approach when informing customers. While some people can easily shrug their shoulders about an incident report and move on, there are many others who will respond with anger depending on how the incident was handled.

If done poorly, an incident response can cause a negative chain reaction. Because of data breach fatigue, people won’t be pointing their fingers at the criminals anymore. Instead, they’ll be pointing their fingers at the company that got breached. Thankfully, there’s a way to make sure that when an incident does occur, the focus stays on the breach itself. As a business, the last thing you want is backlash for the way your incident response was handled. That can lead to some nasty PR that can spread like wildfire.

No matter what industry you’re in, the size of your company, or how long you’ve been in business, an incident response to customers should consist of three things. Keep these in mind in order to avoid a chain reaction of negative attention when faced with a breach — and often times that is what occurs.

Step 1: Immediately Notify Your Customers

If you get breached, never hide it from your customers. You have to acknowledge that something bad has happened because if the situation ever gets worse, they’ll eventually find out themselves.

Perception is reality. So unless you want to make your business look bad, customers should never be the first to recognize that their data has been compromised. More importantly, they should never have to assume anything about the “who, what, when, where, and why” of a breach.

Always disclose what has happened, and do so in a timely manner. If you wait too long to notify your customers, you run the risk of getting charged for negligence. The more information you do have to share with customers, the more likely they are to see that your business is taking the appropriate measures to handle the situation.

Step 2: Apologize for the Impact It Might Have Caused

Public opinion on breaches have evolved. It can be incredibly difficult to invoke sympathy from your customers. Instead, you very likely might experience frustration, anger, or annoyance.

Although it wasn’t necessarily your fault for the data breach, you should always apologize to your customers anyway. It shows them that you are fully aware of the situation and how it might have affected your customers. This also helps them to feel acknowledged and that they are being heard. Customers often have choices about where they do their business, and with whom, and you want to maintain the best relationship possible with customers; think long term here.

Step 3: Prevent the Story from Changing Over Time

To put it simply, resolve the situation as soon as possible whenever faced with a breach. That way, you can communicate to your customers that something bad has happened and that it was taken care of right away. Notice the words “taken care of”. Past tense. If possible, you’ll want to resolve an incident by the time you disclose it to your customers. At the very least, you want to be able to communicate that it’s being handled accordingly.

The last thing your customers want to see is a follow-up email that goes something like… “Hey remember that data breach we emailed you about the other day? Well, it’s taking our tech team some time to fix the problem. We’ll update you again as soon as we figure everything out.”

Step 4: Take Serious Measures To Prevent Further Breaches

Determining the cause of the breach can be a monumental undertaking, but a necessary step towards improving.  Ensure all of your systems, both physical and software based, are completely secure and up to date at all times.  An aspect of data breaches most people never consider is obsolete hardware.  An old hard drive floating around could house logins and information from critical systems, so it is imperative that those devices be recycled properly and their data 100% destroyed.  

Things To Keep In Mind

Take care of any data breach as soon as you can, communicate with your customers about it, and do not hesitate to apologize. Even if something wasn’t your fault, a situation will always flow more smoothly if you are able to take ownership. This enables the customer to feel like their needs are being attended to, and can help to diminish feelings of anger and possibly blaming. The more calm you stay in handling the situation (and by actually addressing it, too), the more calm the outcome will be when dealing with valued customers. Don’t forget, the way a data breach is handled can determine how future business for your company plays out. You have the means to be able to dictate how the situation goes for your business, so make good use of that!