Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity News

Dispelling the Dangerous Myth of Data Breach Fatigue

By Michael Bruemmer
Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news
April 1, 2016

In the past year, we saw a record number of data breaches – 781 in total that left 169,068,506 people exposed, according to a recent report by the Identity Theft Resource Center. This increased exposure to the risk and occurrence of breaches has created the well-known and often accepted concept of consumer “data breach fatigue” – a notion that I now believe to largely be a myth that can be damaging to companies when managing a security incident.

The thinking behind data breach fatigue is that the more consumers are confronted with security incidents – whether indirectly through news stories or directly through data breach notification letters – the less likely they are to proactively protect themselves or take action against the companies at fault for exposing their personal information. This notion suggests that consumers are apathetic toward breaches and therefore implies that companies do not have to worry as much about possible reputational damage or the loss of customers.

However, I believe this is a cynical view that can ultimately harm businesses if it influences their response process and causes them to take the issue less seriously. Contrary to the generally accepted assumptions about breach fatigue, I have found consumers do care about their security and show concern when their information is lost.

A recent Experian survey found that consumers in the United States who were notified of a data breach took steps to protect themselves in response. In fact, 72 percent of breached consumers updated anti-virus technology and nearly half reviewed online account activity or company security policies. Even more concerning for businesses, one in five consumers notified of a breach stopped doing business with the company that compromised their personal information. Further, even if it is true that some consumers are experiencing data breach fatigue, plaintiff attorneys are not and will closely scrutinize the response of any company, looking for signs that they are neglecting customers in their response.

To avoid the potential loss of reputation and mitigate the potential for litigation, companies must not fall victim to the “fatigue fallacy.” They must seriously consider the concerns of victims and take swift action to help them if an incident occurs. The good news is that there are steps companies can take to mitigate customer fall out after a major security incident.
 

Communicate Authentically

How, where and what a company communicates following an incident can have a significant impact on the response for customers. While companies are often required by law to notify affected individuals of a data breach through a written and mailed letter, how that letter is worded and the other avenues used to communicate with consumers can make a big difference. Notification letters should be sincere and tailored to the customer based on the situation and type of information exposed. They should include an apology, details around what information was lost and the steps that customers can take to protect themselves.

Beyond the formal notification letter, companies should consider the other channels they can use to communicate with affected customers. For example, establishing a page on a company website dedicated to providing more details about an incident, as well as links to other protection resources, has proven to be a very effective engagement tool. Unlike a written letter, a site can be regularly updated as companies learn more information about the incident, and it is an easy place for consumers to gain information.

Another important step is setting up a call center dedicated to providing support around consumer questions regarding an incident. Customers often have questions following a major breach and having the ability to speak with someone knowledgeable about the incident can go a long way in calming any concerns.

 

Provide Protection

Companies should also consider offering services that help consumers further safeguard the information that was exposed by the data breach. This could include free identify theft protection and credit monitoring services that will alert consumers if their information was used fraudulently, as well as help them remediate issues that occur. Companies can also offer access to fraud resolution agents that can help consumers deal with possible hassles should they become victims of identity theft after a breach.

The concerns and needs of consumers following a data breach should always remain a priority to companies. Those affected by a breach deserve to be notified and presented with protection options, whether interested in taking them or not. At its worst, the fatigue fallacy sways businesses to believe otherwise and do the minimum required by law versus what is required to maintain trust and credibility with customers. After all, it only takes a few vocal consumers to ignite a major reputational issue.

More information on data breach preparedness and resources can be found at www.experian.com/databreach and the www.experian.com/blogs/data-breach

KEYWORDS: cyber risk mitigation cyber security awareness data breach

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sec0416 data slide2 900px

Michael Bruemmer, CHC, CIPP/US, is Vice President with the Experian® Data Breach Resolution group. With more than 25 years in the industry, Bruemmer brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services. Bruemmer currently resides on the Ponemon Responsible Information Management (RIM) Board, the Information Security Media Group (ISMG) Editorial Advisory Board and the International Association of Privacy Professionals (IAPP) Certification Advisory Board.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

    Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

    See More
  • exec_enews

    Business Risk of Data Breaches: Preparing Your C-Suite

    See More
  • Top 5 Fails from Companies Preparing for and Responding to a Data Breach

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing