David Gibson, Varonis’ VP of strategy, says that, whilst he welcomes news that 25 per cent of respondents said they were notified by letter of a data breach – up from 12 per cent seven years ago – this shows that consumers are still at the end of the food chain when it comes to being informed about their data.
“This really is an unsatisfactory state of affairs. If a company I had shopped with had suffered a data breach and lost my data, I’d really want to know what had happened – and what the firm was doing to protect my interests. Many of the 72 per cent of consumers who had been informed - but were dissatisfied – are almost certain to be shopping elsewhere in future,” he said.
“As well as telling us that consumers are being more informed about the need for data protection – and will vote with their feet if the company fails to meet its clear obligations in keeping customers informed – I would argue that firms need to do all in their power to prevent a breach from taking place in the first place, or lose their customers as a result,” he added.
The Varonis VP of strategy went on to say that it is interesting to note that the increase in advisory letters is probably due to the statutory requirements imposed on companies by 47 states in the US to notify when personal information has been lost or stolen.
As officials with Experian – the sponsor of this Ponemon report – state, it is important for companies to do everything possible to safeguard consumer data, it's just as important to communicate effectively in the event of a breach, he says.
I would argue, however, that since the consequences of a data breach are potentially so profound - and may involve the loss of a sizeable proportion of your customer base– that preventing a data breach from happening in the first place should take absolute priority, he adds.
Gibson explained that all organizations should regularly review the way they protect their customer data, especially as the amounts of unstructured data (80% in most organizations) continue to grow. Unstructured data is especially difficult to audit and track using conventional IT security systems.
“Only by reviewing their levels of protection can companies hope to understand the problems that unstructured data now poses them in these times of rising levels of governance and data protection requirements,” he said.
“This report – which serves to highlight the potential loss of customers that a data breach will result in – will hopefully act as a wake-up call to any company which has customer data. A data loss and regulatory fine is bad enough, but potentially losing a sizeable number of your existing customers as well shows that failing to protect customer data is a disaster just waiting to happen,” he added.
For more on Varonis Systems: www.varonis.com