informa
/
Risk
Quick Hits

Most Consumers Don't Understand Breach Notifications

Victims say breach notification letter didn't include enough detail, or they had trouble understanding it
Most consumers affected by data breaches are disappointed or confused about the notifications they get about the hacks, a new study finds.

More than 70 percent of people who had received breach notification letters said they weren't satisfied with the alerts and needed more information, according to a new report by The Ponemon Institute and Experian Data Breach Resolution.

Unclear breach notification appears to be a big issue: Sixty-seven percent of the 700 survey respondents said the notification didn't include enough detail, and 61 percent said they had trouble understanding it. More than 40 percent said their data was likely stolen, while 37 percent said they didn't know what the incident was about.

"While it's important for companies to do everything possible to safeguard consumer data, it's just as important to communicate effectively in the event of a breach," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Effective and appropriate communication to customers who have been impacted by a breach includes describing the type of data that was lost or taken, an estimate of probability that the data will be abused and the business recourse that the company will offer."

Then there's what to do in the aftermath. More than 60 percent of the victims said the breached organization should be forced to compensate them with cash or their products or services. Meanwhile, 58 percent said they should provide them with identity protection services, and 55 percent said they should offer credit-monitoring services.

"In the aftermath of a data breach, it is imperative to a company's reputation that it take the necessary steps to inform those affected by the incident in a timely and transparent fashion," said Larry Ponemon, chairman and founder of Ponemon Institute. "As shown in the findings of this consumer study, resources spent on personalizing the message, offering assistance to reduce the likelihood of identity theft and providing specific information about the nature of the incident help reassure victims that the organization truly has the customer's well-being in mind."

The full consumer breach notification study is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5