Data breaches continue to torment businesses, government agencies and other organizations. The number of significant breaches exceeded 1,300 last year, compared to fewer than 200 in 2005, according to the Identity Theft Resource Center (ITRC), a U.S. nonprofit.

Criminals are stealing more data from companies, and data breaches are publicized more frequently, the ITRC states. It’s difficult to determine whether there are more security breaches now than ever before, since more companies reveal breaches due to laws or public pressure, it says.

A few high-profile examples include Equifax, Target and Yahoo. The data breaches allow theft of customers’ sensitive personal information. After a breach, the company stock price may plunge, at least temporarily. An ensuing PR crisis may seriously damage the brand’s reputation and customer relationships.

“When a breach is revealed, the attacked company is portrayed not as a victim, but as negligent and, in a subtle way, complicit in the event that ultimately exposed partners and customers,” writes Steve McGaw, CMO of AT&T Business Solutions, for the PRSA.

It’s All in the Preparation

Preparation is the best defense. A security breach is possible no matter how skilled your IT team is. Create a communications plan for security threats that establishes clear protocols for how to respond and how to inform the public and stakeholders. “The worst thing you can do for your brand once news of a breach hits is to have to scramble to find out who to work with to understand the issue, who is communicating to what audience, and who needs to be looped in,” McGaw says.

Use simple language. Cybersecurity is a complex field full of abstruse jargon. Such esoteric vocabulary can mystify the public and journalists, ultimately creating distrust. Simple and clear language is best.

Take responsibility. Owning up to the breach can restore trust in the organization. A clear statement detailing what steps will be taken to avoid future breaches is vital, writes PR crisis specialist Emily Dent for Computer Weekly. Taking responsibility implies that the organization intends to make sure it doesn’t happen again. Blaming hackers or others implies that the issue is out of the company’s hands. In addition, attempting to blame others will likely prolong media coverage as reporters attempt to uncover the full story, Dent adds.

Keep key stakeholders continuously informed. Involve top management in actions during the crisis and the preparation of the crisis communications plan. Without timely information, conjecture and rumor can spread. However, experts recommend against releasing all the details of a breach. “We typically would not communicate all the details of a breach to all employees,” Chris Leach, chief technologist for HPE Security Services, told MIT Technology Review. “We’ll only share enough to make sure they’re confident that we’re handling it, and that this is information they could, and should, share with their customers.”

Monitor media and social media. Close monitoring of social media lets you know when people say something that requires an immediate response. It also gives you the opportunity to communicate directly with customers and affected individuals in real time.

Bottom Line: Data breaches remain an ongoing threat. It’s essential for corporate communications teams to prepare contingency plans. A swift response, taking responsibility and explaining how the organization will prevent future breaches are key to restoring trust.