In a data-driven world, personal information is of high value to both the brand and the individual. Unfortunately, cybercriminals also have their eyes on this most lucrative of assets too.
From hospital records through to bank details, some of the most important features of our lives are now recorded online. The financial and emotional impact of a data breach can be disastrous, yet research shows that nearly a third of companies have no global response plan in place should the worst happen – and this includes communications.
One of the most overlooked aspects of disaster recovery plans is public relations, yet brand reputation is perhaps one of the biggest casualties following a data breach. Take Uber, for example. It was recently found to have concealed the theft of over 57 million users’ data worldwide, including nearly three million in the UK. Once the cat was out of the bag, it faced 11 new lawsuits in just a week, damaging its already tarnished reputation even further.
So when faced with a data breach, what should brands like Uber do?
First of all, it’s worth remembering that data breaches happen to the best of us. Some of the world’s most trusted brands, including Yahoo!, Google, Deloitte, even Her Majesty’s Revenue and Customs have all been victims. In fact in 2016 – a record year for cybercrime – nearly half of all companies discovered a breach. And of course, that’s just the percentage which found the problem. If your customers are businesses, it’s likely they’ve experienced this crime too. If you deal with consumers, it’s probable that they’ve had their data stolen before.
With this in mind, consider that data breaches are worth planning for. Work out ahead of time who your stakeholders are, what they would need to be told, and when you would plan to tell it to them. Some parties may simply wish to be informed, while others may want to be involved. Telling them that data has disappeared may not be good news, but by keeping them abreast you’ll be seen to be doing all you can, rather than hiding under a rock.
Fast communication is important for limiting damage. Although Uber’s most recent data breach became public knowledge this year, it occurred approximately a year beforehand. It reflects a failure to learn lessons: Uber’s data was also compromised in 2014, but it wasn’t until six months after the discovery that the company notified its customers, who naturally responded with criticism.
Bear in mind that you may need to release information incrementally as it becomes available. Ultimately accuracy is important and can help avoid inciting panic. If you’re not sure what your messaging should be, it is worth seeking assistance from an experienced crisis communications team.
Finally, once you’ve had time to recover from the breach, show your customers that you have learned your lessons. If you haven’t publicly communicated that you’ve made amends, you may not be able to regain trust in the public eye. As well as telling customers that their data is safe, you may also want to use the mainstream media to communicate to the criminals that your defences are robust and that you’re not an easy target.
If the hackers set their sights on your valuable data, don’t panic – you’re not alone. And if you have escaped their activities so far, count yourself lucky, but use this time to get prepared for when they do arrive.
In an economy where data is the new oil, it isn’t just your information you’ll need to protect, it’s your brand too.