Businesses are increasing their outreach with customers and driving their engagement across websites and mobile apps. In order for this engagement to occur, however, these businesses need to access and actively utilize customer data. But as the saying goes, “With great power comes great responsibility.” 

In exchange for providing their data, customers often blindly enter into a “contract” with these organizations. In so doing, they trust (maybe naively) that these organizations will keep their data confidential while safeguarding it from threat actors seeking to exploit it for their own benefit. 

What is alarming is the sheer number of cyberattacks that have occurred over the past two years as more businesses underwent digital transformations. While this innovation was important for customer engagement and continued growth, it has increased businesses’ attack surfaces, placing them, and their customers, at greater risk. In 2021 alone, there was a 50% increase in cyberattacks, for instance, and we will probably witness even more in 2022. 

But what are businesses doing when a breach occurs? 

Organizations seem content to share a carefully-worded statement that acknowledges the breaches, state that impacted individuals will be contacted and an investigation will be launched to ensure it doesn’t happen again. In some instances, organizations will also foot the bill for a period of time on identity theft protections for affected consumers. During T-Mobile’s 2021 data breach, for instance, they outlined what data was affected in the breach and noted resources that would be available to its customers. 

While these actions may be customer-oriented on the surface, the devil is in the details. ThreatX determined in a recent study that only 38% of consumers actually read the statement from the brand and only 25% of consumers would spend the time reaching out to the organization to learn more. This means that for many consumers, they may not be aware of the fact that their data is at risk. More importantly, this tells us that the status quo of issuing a brand statement and consumer hotline aren’t enough. Organizations need to do more in the event of a data breach, even if it is uncomfortable for them to do so. 

As an industry, we need to do better to communicate with our most important stakeholder groups: our consumers that trust us with our data. Organizations should look to over communicate in the event of a breach or find more creative ways to relay this information. This will help to rebuild confidence and show that they aren’t passively standing by. For organizations, this could be a major differentiator for them in the market.