Hi All
Very interesting report: "More than 80% of impacted consumers said they are likely to stop doing business with a company after it is the victim of a cyberattack."
The IAPP first-ever Privacy and Consumer Trust report surveyed 4,750 consumers from 19 countries (including Australia but not NZ) and is well worth reading.
Regards
Caute_Cautim
I suspect that has to do with how the incident response is handled.
The typical cyberattack response seems to be "oops, change your password and here are a few years of credit monitoring, on us". From the customer perspective a detective control was added but nothing to actually mitigate or repair the damage. In short, they frame the event as them being the victim of the attack instead of their customers being the victim of the data disclosure.
Contrast this with how Tylenol handled their 1982 crisis. After a few of their capsules were discovered to contain a poison, their response was to very publicly protect their customers, advertising "don't consume our product" and voluntarily recalling their entire product line. Recovery was similarly publicly obvious - redesigning their product (capsules became caplets) and introducing the concept of tamper-evident packaging to the world, both being a defense that "makes sense" to protect against an adversary-in-the-middle again tampering with the product.
Unlike Talk Talk in the UK, who handled their breach like this:
@denbesten wrote: In short, they frame the event as them being the victim of the attack instead of their customers being the victim of the data disclosure. Contrast this with how Tylenol handled their 1982 crisis.
Great observation and reference. A good milestone case regarding customer data was back in 2004 when a former AOL employee stole and sold the database to a spammer. The crime the individual was charged with basically amounted to theft of corporate data. The problem wasn't that 30 million people had now been subjected to the annoyances of spam; it was that AOL didn't get paid for it. AOL already traded and sold its customer database at will. It was essentially a marketing company that also sold online access.
While we have progressed in the US from that time (mostly due to state laws), fundamentally, we still do not own our own data.