- Consumers expect a faster response from their bank after a data breach than other companies, according to a survey of more than 1,000 U.S. adults conducted by KRC Research in concert with credit reporting firm Experian.
- Two-thirds of people surveyed would stop doing business with a company that had a slow or ineffective response to a data breach and would switch to a competitor. And 45% said they would tell their family and friends to stop doing business with the company.
- Nine in 10 survey respondents said they would be more forgiving of a company that had a proactive post-breach communication plan in place before an event that puts data at risk. The majority — 57% — said they'd be only somewhat forgiving. Seniors disproportionately make up the segment that said they’d be much more willing to forgive a breach given proper communication, the survey found.
The survey suggests financial services companies have more to lose — both in reputation and customer base — than do other businesses.
More than 80% of respondents said they expected to be notified within 24 hours if the breached company is a bank, according to the survey. That compares with 75% for a government agency, 73% for a health care organization and 61% for a retailer.
More than 70% of respondents said they'd prefer to hear quickly and directly from the affected company rather than hear about a breach on the news. Nearly the same percentage said they’d accept free identity theft protection and credit monitoring services from a company in the wake of a breach.
Experian's competitor, Equifax, suffered a breach in 2017, in which the personal data of more than 140 million consumers was exposed. Equifax knew of the breach more than a month before customers were informed.
Differences in notification urgency speaks to the sensitivity of data. Breached email addresses are far less sensitive than banking information or social security numbers.
The type of data breached does not determine how stiff privacy penalties are from regulators, but the type of data misuse — negligent or intentional — can impact a company's reputation.