With most media attention focused on reputational damages and financial costs to businesses affected by breaches, the act of mitigating consumer impacts is often overlooked or underestimated. Yet, a tactful, proactive response deserves as much (if not more) attention and can prove beneficial to all parties.
Data breaches that make the news often involve large companies or organisations falling prey to ransomware criminals — or whose many customers may now be subject to the ugly ramifications of identity theft. These high-profile breaches tend to feature the most dramatic consequences for all parties concerned. But, other breach stories contain a different narrative that’s more positive and empowering.
By unpacking five issues often dominating the headlines and digging a little deeper into the subject matter, essential insights and practical steps emerge to help businesses and consumers defend against the worst impacts of data breaches and identity theft.
1. The Information Commissioner’s Office (ICO) can fine companies for insufficiently protecting against data breach damages. Current legislation allows the regulator to impose fines of up to £17 million. But fines aren’t the worst fallout of breached customers for a business or organisation. The loss of consumer trust can be equally damaging and cost more to repair. Data breaches create a real risk of identity fraud, and as consumers become increasingly aware of the dangers, their expectations of businesses to protect them become greater. When a breach breaks trust, customers can lose confidence, switch loyalty and become highly vocal and possibly hostile.
2. The largest ICO fines often make the biggest headlines because they reflect the scale of perceived negligence. But financial penalties aren’t the preferred mode of regulation. The ICO is committed to advising organisations on legal compliance. It actually goes to great lengths to publicise the many actions companies can take to help prevent the possibility of a breach, as well as how to best handle a situation where personal identity data has been compromised.
3. Businesses are legally obligated to inform customers without delay when their identity data has been breached. Neglect of this responsibility is often cited as a major contributing factor in the imposition of fines or penalties. It’s interesting to note fines for a data breach are not fixed or inflexible. The ICO may reduce penalties if a business responds swiftly and eagerly supports its customers. In fact, in 2020, the ICO reduced a British Airways fine of £163 million to £20 million citing the support the airline put in place to help reduce financial losses and emotional distress of those affected. (One action taken was offering a free credit monitoring service.)
4. In the three months leading up to 31 March 2022, the ICO had 2,172 data breach reports. Although not all cybersecurity related (just over 20% were), the recent dramatic rise in IoT devices increases the risk of cyberattacks on consumers. As cybercriminals continually evolve their techniques and focus on easy targets, IoT-based cyberattacks have already reshaped the vulnerability landscape.
5. Even with the best security in the world, no business or organisation is invulnerable to the costly fallout resulting from a determined cyberattack aiming to compromise customer data. But equally, no business or consumer is entirely vulnerable. Steps can be taken and defences deployed. Any company can offer TransUnion credit monitoring services to alert customers and help mitigate identity theft and its impacts.
Contact TransUnion to learn more about how you can defend your business and customers against the consequences of a data breach.