全球智库信息集成服务系统

Twenty-six percent of respondents, or an estimated 64 million U.S. adults, recalled receiving a breach notification in the 12-month period before the survey.

• Higher-income and better-educated respondents were more likely to remember experiencing a breach; younger adults (ages 18–34) and senior citizens (ages 65+) were less likely.
• More than one-half of those people (51 percent), or an estimated 36 million individuals, received two or more notifications in the year preceding the survey.

Of those who received a notification in their lifetime, 44 percent were already aware of the breach from a source other than the affected company; typically media reports or notifications from a third party.

Sixty-two percent of respondents accepted offers of free credit monitoring.

• According to respondents, three main factors influenced their decision: (1) time and effort required, (2) quality perception and trust (both of the affected company and of the breach notification service), and (3) whether the offer duplicated other services the victim had.

Only 11 percent of respondents stopped dealing with the affected company following a breach.

• Thirty-two percent of respondents reported no costs of the breach and any inconvenience it garnered; among those reporting some cost, the median cost was $500. Median dollar values were higher if health information ($1,000), social security numbers ($1,000), or other financial information ($864) was compromised.
• Just under 6 percent said that the inconvenience cost them $10,000 or more. For these, the breach typically involved credit card or health information.

Seventy-seven percent of respondents were highly satisfied with the company's post-breach response.

• Most respondents (77 percent) were highly satisfied with the company's breach response. The greatest difference was with ethnic minorities, who were less likely to be satisfied with the company's breach response and more likely to both place a higher dollar value on the inconvenience caused by the breach and cease doing business with the company.

Respondents recommended several steps companies could take to better protect their data.

• The steps that would highly satisfy most respondents were (1) take measures to ensure that a similar breach cannot occur in the future (68 percent), (2) offer free credit monitoring or similar services to ensure that lost data is not misused (64 percent), and (3) notify consumers immediately (63 percent). All three of these actions were valued more highly than receiving financial compensation for the inconvenience.