Data breaches are becoming increasingly common, but a new study finds that consumers aren't as upset about them as you might expect. In fact, the RAND Corporation study found that only 11 percent of those notified about a breach stopped doing business with the hacked company.
"While data breaches have become an alarmingly common part of American life, most people appear satisfied with companies' responses to data breaches and few decide to take their business elsewhere," said lead author Lillian Ablon. "It's unclear whether this response will induce companies to improve their breach notification practices."
About a quarter of those surveyed said they were notified about their data being included in a data breach during the previous year. Of those who had been notified at any point in their lifetime, about 44 percent said they were aware of the breach before the company notified them and about 10 percent said they discovered the breach themselves by noticing suspicious activity on their account.
While it is often thought that consumers are suffering "breach fatigue," the survey found that 62 percent accepted offers of free credit monitoring. Many of those who declined the offer said they already had a credit monitoring service.
Most were satisfied
More than three-quarters said they were highly satisfied with the company's post-breach response. Ethnic minorities, however, were less likely to say they were satisfied with the company's response and were more likely to stop doing business with the hacked company.
"Our research shows the importance of legislation that requires companies to notify individuals when a breach occurs," Ablon said. "Data breach notification laws empower consumers to take quick action to reduce risk and create incentives for companies to improve data security. Unfortunately, data breach laws are not uniform or even present for every state."
All but three states -- Alabama, New Mexico, and South Dakota -- have such laws.