Thursday, January 12, 2006
Communication key during security breach management
By Jaikumar Vijayan at ComputerWorld
Effective communication can help companies limit the damage to their reputations and the loss of business that can result from security breaches in which customers' personal data is exposed.
That was one of the findings from an e-mail survey of more than 1,100 individuals who identified themselves as being victims of security breaches. The survey was conducted during the summer by the Tucson, Ariz.-based Ponemon Institute, and the results were released last week.
Nearly 20% of the respondents said they had terminated their relationships with the companies that lost their data, while another 40% said they might do so, according to Larry Ponemon, the institute's founder. But the fact that almost 12% of the respondents said that their confidence in the companies had actually increased after they were notified of security breaches points to the value of good communication, he added.
[Chart: "Trust Better". Survey respondents who said a security breach had decreased their trust and confidence in the affected organization. Base: 1,109 U.S. residents.]
Companies that are straightforward in disclosing what they know about breaches are likely to see far fewer customer defections than businesses that are evasive about the details, Ponemon said.
The form that the notification takes also appears to influence customers. For instance, standard form letters and e-mail messages are viewed far more skeptically than personalized letters and phone calls, Ponemon said.
David Bender, co-chairman of the privacy practice at New York-based law firm White & Case LLC, the sponsor of the survey, said that although it's reasonable to expect some customers to give up on a company after it suffers a well-publicized breach, the percentages in the survey were a surprise to him.
"No one expects the consequences will be good," Bender said. But, he added, it is unclear "just how serious the ramifications can be."
The extent of the fallout also depends on the type of organization that loses the data, said Christopher Pierson, a lawyer at Lewis & Roca LLC in Phoenix. Bank customers, for example, can take their business elsewhere. But the same isn't always true for, say, college students or patients of health care providers, he said.