A new national study from comms agency Porter Novelli and law firm Hall & Wilcox has revealed a widening disconnect between the way Australian consumers expect organisations to respond to a data breach, and what business leaders believe is enough.
The Beyond the Breach report, conducted by Quantum Market Research, found that while meeting regulatory obligations remains critical, Australians are increasingly judging organisations not on whether a breach occurs, but on how they respond. For organisations, the greatest long-term risks are legal and reputational, and trust is eroding fast.
For consumers, transparency is expected, and is not considered “optional”. One hundred per cent of business leaders agreed that their customers expect their organisation to provide transparent information in a data breach, yet only half agreed their organisations should go beyond basic legal requirements.
However, simply fulfilling legal obligations represents a significant risk for business leaders. Organisations that do the bare minimum following a data breach are trusted by just two per cent of consumers.
According to Lauren Clancy, client partner, technology and cyber at Porter Novelli, the reason for this is that while there may be some “breach fatigue” out there, almost half of Australians who are impacted by a breach still report emotional distress, with one in ten needing time off work to deal with the situation.
“Being impacted by a data breach is simply a matter of when, and organisations need to do everything they can to put customers first. And when organisations act quickly, clearly and with empathy, they will see trust rebound, with one in four consumers willing to re-engage with the organisation,” she said.
“Australians judge organisations not on whether a breach occurred, but on how they respond. Speed, clarity and empathy are the new reputational currencies. Brands that respond with care earn back trust, while those that treat cyber response as a compliance exercise risk long-term damage.”
The research highlights three actions leaders can take to protect trust: communicate faster and smarter, go beyond legal obligations with transparency, and lead with empathy for the consumer or stakeholder. These steps consistently deliver stronger reputational outcomes for organisations.
“This does not mean over-communicating. A press conference about a data breach is rarely appropriate. This is not a media issue—what matters is getting accurate communications to affected stakeholders as quickly as practicable, and that means customers, employees, members, donors, partners, or whomever is important to your organisation,” added Clancy.
Eden Winokur, partner and head of cyber at Hall & Wilcox, stated that while legal compliance remains vital, it is only part of the picture.
“Privacy has never been more important to individuals, and scrutiny from consumers, regulators and the media continues to intensify. Organisations that treat cyber response as just a legal box-ticking exercise are missing the bigger picture.”

