UK businesses significantly underestimating their readiness to cope with full impact of data breach

Almost 1/5 have suffered at least one data breach in the last two years – 40% of British consumers affected

Almost 1/5 have suffered at least one data breach in the last two years – 40% of British consumers affected

London, March 18 2015 - Experian1, the global information services company, today releases Data Breach Readiness 2.0: The Customer First Data Breach Response, a whitepaper revealing the true picture of British organisations’ preparedness for the growing threat of data breach.

Drawing on insights from more than 400 senior business executives, the research reveals that:

  • 34% do not have a data breach response plan in place at all
  • Of those that do, a quarter of these plans do not include specialist crisis communications (23%) or legal support (27%)
  • More than a third (37%) had not included or considered digital forensics
  • Only one third have specific budgets set aside to deal with data breaches, in spite of 81% saying they are concerned about the financial impact of recovering from a breach
  • 39% have no reporting procedures in place for lost data or devices (e.g. company laptops or phones)
  • Less than half (43%) have data breach or cyber insurance policies in place

While preparedness levels were seen to be notably higher amongst organisations that have been affected by a breach in the past, 57% go on to be affected again within just two years.

With unprecedented levels of personally identifiable information being illegally traded online, the ever increasing sophistication of cybercrime means the potential impact on consumers, if their information is compromised, has never been greater.

Four in 10 British adults have been affected by a data breach and two thirds (64%) are concerned about falling victim in the future. Most notably it is evidenced that consumers are less understanding, and less willing to see organisations affected by data breaches as ‘victims’.  Rather, they increasingly believe that data breaches come as a result of the organisations’ own failures – failures in procedures, security and data controls.

The research findings clearly bear this out:

  • 84% think companies should be penalised for compromising their customers' personal information
  • 83% think companies should be subject to increased regulation to better protect customers
  • 80% say their level of trust would decrease if a company lost their personal data
  • 67% would advise friends and family against the organisation
  • 63% say they are likely to leave an organisation if a data breach occurred

It appears that UK organisations are failing to recognise and mitigate these risks. Less than half of organisations (47%) would notify customers ‘as quickly as possible’ following a data breach. Less than a quarter (21%) would offer an identity protection service to existing customers, and only one in 10 would offer a free credit monitoring service.

Amir Goshtai, Managing Director, Affinity Experian Consumer Services commented: “The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus minimising the impact on their customers."

The findings of Data Breach Readiness 2.0: The Customer First Data Breach Response highlight that UK organisations still have a lot to learn about planning and delivering an effective data breach response. Moreover, learning those lessons will be vital to minimising the damage caused by data breaches.

The organisations most equipped to withstand the impacts of data will take a proactive, integrated approach with detailed response plans that:

  • Focus first and foremost on those affected recognising that this is where all other impacts ultimately will flow from:  customers, the wider public, the media and regulators
  • Identify response teams, roles, responsibilities and lines of communication
  • Draw support and direct involvement at the highest level of the business
  • Identify and put in place master agreements with specialist suppliers – outside legal counsel, insurance, digital forensics, consumer support, credit monitoring, and crisis communications
  • Incorporate specific plans for each discipline: a digital forensics response plan, a crisis communications plan, a consumer outreach plan and so on
  • Mandate regular testing and scenario planning to ensure plans are relevant and cover all possible outcomes

Download: Data Breach Readiness 2.0: The Customer First Data Breach Response at



Notes to editors:

The 400 senior business executives were experts from legal, insurance, digital forensics, crisis communications disciplines and complemented by consumer research. The report reveals that 17% of medium / large businesses in the UK have suffered at least one breach in the last two years. However perhaps of greater concern, the findings strongly indicate a misplaced confidence among UK organisations when it comes to preparedness to properly manage, and recover from, a data breach.

79% of executives interviewed believe their organisation is prepared to respond and 81% believe the organisation understands what needs to be done following a data breach to maintain customers’ and business partners’ trust.

Research Methodology:

ComRes interviewed 400 medium and large UK businesses online between the 22nd December 2014 and 3rd January 2015. All respondents were screened and had involvement or knowledge of their company’s data breach policy.

ComRes interviewed 2,056 GB adults online between the 9th and 11th January 2015. Data were weighted to be representative of all GB adults aged 18+.

Available for Interview:

Jim Steven,Head of Data Breach Services at Experian Consumer Services.

For more information please contact:

 Jill O'Connor

PR Manager, Experian Consumer Services / 020304 24870 


Jill O’Connor, PR Manager T: +44 (0) 20304 24870 | M: +44 (0) 7964 903729 | E: Jill.O’



About Experian

We are the leading global information services company, providing data and analytical tools to our clients around the world. We help businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. We also help people to check their credit report and credit score, and protect against identity theft.  In 2014, we were named by Forbes magazine as one of the ‘World’s Most Innovative Companies’.

We employ approximately 16,000 people in 39 countries and our corporate headquarters are in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2014, was US$4.8 billion.

To find out more about our company, please visit or watch our documentary, ‘Inside Experian’.