Skip to main content

Data breach planning - how quickly could you act?

Know. Prepare. Recover.

It is still difficult to comprehend that one in five businesses of all sizes has experienced a data breach in the past two years (21%). Our latest research (carried out by consultancy company ComRes) has shown this.

Damage limitation

At first sight these figures may seem alarming. However, they needn’t be. And that’s because the monetary and reputational toll a data breach takes on your business, entirely depends on how much you’ve planned for all eventualities. It’s all about damage limitation. Acting quickly and strategically before and following a data breach can help you regain your security and protect your brand.

Clean data

As data breach response experts, we always inform businesses of the importance of clean and up-to-date customer data. Our new statistics show that only 47% of businesses of any size say they have clean customer and/or employee data, while only a quarter (25%) review it once a month. 90% review it just once a year. The problem with uncleansed customer data is that it can severely hamper an organisation’s ability to act efficiently in the event of a breach. Finding out new customer details during a crisis is time-consuming, reputationally damaging and potentially impossible to manage.

Speed of response

With clean data at the ready, the speed in which a business can respond to a data breach is far greater. However, it’s also important for organisations to bear in mind what customers expect in terms of a response time. Our research shows that more than half (52%) of people expect to be contacted and notified less than twelve hours after a breach. Only 20% of businesses, however, would expect to contact its customers within that timeframe.


With a thorough data breach response plan in place, none of this would be a worry. There would be a team in place – perhaps a third party – to deal with notifying customers, and all within the legal timeframe. The plan may also provide for a customer call centre that has the capacity to upscale to deal with the response, with pre-prepared, legally approved information to hand.

If businesses really are set on putting customers at the heart of their response, getting into the detail of what a response really entails is now a critical component of any business’ DNA.

Racing against the clock…

Having a pre-arranged response plan in place is therefore critical when racing against the clock following a breach. It allows a business to act quickly and prevent further data loss. It means you can Know. Prepare. Recover. And during a crisis, that’s a strong position to be in.

Find out more about how Experian help organisations put readiness plans in place so they can Know, Prepare and Recover with confidence in the event of a data breach.

Read our whitepaper: Readiness vs The Reality




ComRes interviewed 200 Business IT decision-makers in Great Britain (Online) between 9th – 16th January 2017. Respondents were surveyed across a variety of sectors and business sizes, ensuring good representation from all business types. All were screened to ensure they were involved in or aware of data breach management at their organisation, and all organisations had to be responsible for at least 100 Personally Identifiable Information (PII) records. Given the subject of the survey, respondents in the IT and Financial sectors are over-represented. ComRes also conducted similar research in 2016 with SMEs.


ComRes interviewed 2,001 British adults online between 13th and 15th January 2017. Data was weighted by age, gender, region and social grade to be representative of all British adults aged 18+. ComRes also conducted similar research among British adults in 2016 and 2015.

ComRes is a member of the British Polling Council and abides by its rules. Data tables are available on the ComRes website,