News Stay informed about the latest enterprise technology news and product updates.

Data breach dangers loom, companies remain unprepared

A recent study finds marketers are aware that data breaches can harm their brand, but few have a plan of action in place. Companies need to be direct in dealing with the problem.

Personal data protection has become a major concern in recent years as high-profile data breaches, coupled with...

a rise in identity theft, have left consumers nervous about who is handling their information.

The names alone should keep anyone worried about their corporate brand up at night -- ChoicePoint, LexisNexis, Marriott, Bank of America, the U.S. Department of Veterans Affairs -- all have found themselves in the headlines when customer data they were responsible for went missing. It is becoming apparent that data breaches are not just a problem for IT and customer service but should be a major concern for marketers as well.

Yet while marketers see information security as an important marketing and business concern, few are taking steps to prepare for it, according to a recent survey from the CMO Council, a private, nonprofit research firm.

"Obviously, marketers and business people are concerned about security," said Scott Van Camp, editorial director with the Palo Alto, Calif.-based organization. "We feel perhaps they could do a lot more to prepare. There's a disconnect there."

For more on data breaches
Learn why over 88 million Americans have been affected by data theft

Get expert advice about data governance tools

For example, 76% of marketing executives surveyed believe security breaches negatively impact company branding. Yet 60% said that security has not become a significant theme in their company's messaging and marketing communications and only 29% said their company has a crisis containment plan for security breaches and failures. Another 27% don't even know if such a plan exists.

The CMO Council research, sponsored by Symantec and Factiva, surveyed more than 2,000 consumers and conducted in-depth interviews with 25 leading marketing executives.

According to the Federal Trade Commission, more than 52 million account records were placed in jeopardy last year because of security breaches, leading to 9 million Americans becoming the victims of identity theft, with losses adding up to $54 billion. There have been an additional 30 million cases of compromised data in 2006.

However, many marketers remain unconvinced that a data breach significantly affects the bottom line.

"In about a third of our interviews, at some point marketers said, 'I have no evidence that these breaches erode brand trust,'" Van Camp said. "A couple said point blank, 'I don't think I'll lose that many customers.'"

Research is emerging, however, to show that a data breach can be quite costly indeed. A privacy study by the Tucson, Ariz.-based Ponemon Institute found that costs for a single data breach can range from $5 million to $50 million and average $140 per lost customer record.

Security breaches can also directly affect stock performance, according to researchers at Emory University's Zymand School of Brand Science. They found that a company loses, on average, 0.63% to 2.1% value in stock price when a data breach is reported.

The CMO Council survey also found that consumers are worried and agitated. Of the 2,000 consumers surveyed, 65% said they have experienced some kind of computer security problem, and more than half would either strongly consider taking or definitely take their business elsewhere if their personal information were compromised.

The study recommends three actions for companies to take to protect and promote brand trust.

"First and foremost, they need to begin establishing good strong policies for customer data right from the outset," Van Camp said. "They need to start with what they do with security inside the company -- opt-in programs and strong policies internally."

Companies should also have a containment plan in place that deals not only with actions but with marketing response in the event of a breach.

"Being up front is probably the No. 1 thing a company could do," Van Camp said. "A quick measured response and then a plan of restitution."

Finally, companies should be prepared to offer some sort of restitution or monitoring, be it a dedicated Web site or an offer of free credit monitoring.

This article originally appeared on

Dig Deeper on Data governance strategy

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.