Data breaches are back in the news. Or maybe they’ve never left the news.

The growing frequency of data hacks may have numbed the public to the news.  Public statements about data breaches and other cyber-related issues increased 19.6 percent in the second quarter of 2015, according to new data from CrisisReponsePro.com.

Data breaches have become so common place, they’re almost expected. That does not lessen their danger, and it certainly doesn’t soothe the damage to affected individuals and companies. A data breach can devastate an organization, its employees and customers. A poor PR response exacerbates the pain and may compound the damage.

The Crisis de Jour

“Data breaches are the crisis de jour,” says CrisisResponsePro.com founder and CEO Jim Haggerty. “We’ve been cataloging these statements on a daily basis since 2013, and what is most remarkable is the rise in public responses when a data breach or other IT crisis hits.”

Data breaches are the PR crises that refuse to die, says Ronn Torossian, CEO of 5W Public Relations. When news of another corporate data breach breaks, reporters feel compelled to point out a trend. That means every time they report a new data breach, they refer to previously- reported cyber attacks.

In what may have been the largest cyberattack in U.S. history, a data breach at Office of Personnel Management (OPM) – the department entrusted with records of government employees — compromised sensitive personal information including Social Security numbers of 21.5 million government workers last month. The breach followed an earlier hack of OPM records that impacted 4.2 million people.

Sensitive information of both former and current employees may have been compromised, and the agency could not say exactly which employees were affected. That ongoing uncertainty put the agency in a difficult position, Torossian says.

“Can they legitimately begin releasing messages about what is being done to stop this from happening again when it could still be happening?” he poses.  “Can they honestly tell other government employees their data is safe now?”

Preparing PR Responses to Data Breaches

Crisis communications experts recommend these steps for handling cyber attacks that compromise secure employee or customer information.

Prepare a plan. Deciding how your organization will react to a data breach before it occurs is essential for a proper crisis management. Clear protocols can lay out what the organization will do, how the public and stakeholders will be notified and other key steps. Establishing contacts at relevant law enforcement agencies and a credit monitoring service can speed your response. Resolving how legal concerns will be balanced against reputational damage will avoid costly decision-making delays. Consider hiring a seasoned PR crisis communications consultant. (Many organizations keep crisis consultant on retainer expecting that sooner or later there’ll be a serious PR crisis that requires experienced outside counsel.)

Establish the facts. When a data breach occurs, the first step is to hold a “what do we know session” that includes top-level executives from legal, PR, security, IT and any other relevant department. The purpose is to determine what data was compromised, the number of people impacted and potentially impacted, how they should be alerted, if the security hole has been fixed and what law enforcement agencies have been notified.

Communicate. Promptly and honestly disclose what you know. If you’re still searching for answers, say it. People don’t expect you to know all the answers immediately, but they do expect communication. Ongoing updates as the crisis evolves is crucial for maintaining trust.

Create a war room. A 24/7 hotline to a contact person or department handling inquires and a script responding to questions can ease the communication flow. Prioritize media queries.

Monitor media coverage. Closely monitor media coverage and social media mentions in order to respond to media reports and measure public relations impact of the breach and your organization’s response.

Apologize. Apologize for the inconvenience and disruption. Sincerely. Without excuses. To start rebuilding trust, the apology should include an indication of steps being taken to protect affected individuals, to resolve the issue and to prevent further problems.

Follow up. Maintain continuing communications for as long as the issue remains in the news.  Prepare a script of standard questions and answers for any communications after the initial period. “No comment” does not insulate from criticism and may attract more contempt.

Bottom Line: Data breaches are among the most common crises PR teams face. They are striking all kinds of organizations with growing frequency. No organization is immune. A recent attack on the Office of Personnel Management, possibly the largest ever in the U.S., highlights the ongoing danger. Creating a PR crisis plan, responsive and forthright communications, and continual media monitoring are the hallmarks of a proper PR response to a data breach.

Other Articles

Fixing Data Breach PR
Lewis Public Relations

Into the Breach: PR’s Role in Cybersecurity Crisis
Jackson|Spalding

5 Ways to Respond Like a PR Pro during a Data Breach or Cyberattack
LT Public Relations

Hacking Attack Becomes an Ongoing PR Crisis
Business to Community

Glean.info grants permission to republish this article provided that the republished version contains a link to the original article on the Glean.info Blog.

William Comcowich

William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, media measurement and analytics solutions across all types of traditional and social media.