Photo by Source
In 2016 alone, nearly 29 million records have been compromised as a result of data breaches according to the Identity Theft Resource Center. While the data breaches responsible for these compromised records are typically discussed at length from a technological standpoint, there has been significantly less attention given to handling them from a communications angle. Before you shrug this off thinking who has time for PR when you’ve been hacked?… consider the following:
Did you know? 33% of customers reported actually gaining trust in an organization after being alerted by the company about a breach, according to Deloitte’s 2016 Privacy Index.
Effective planning and execution of a data breach crisis communication strategy will not only prevent your executive team from going gray(er), handled the right way it can even increase customer trust.
Wondering how you can you pull off the impossible and turn data breach lemons into lemonade? It’s not magic. The first step is admitting you might have a problem and preparing for it. Here are some techniques to ensure your crisis communication strategy is ready in the unfortunate event of a data breach.
Despite the prevalence of breaches, there often remains a “let’s cross our fingers and hope for the best” mentality when it comes to creating a crisis communication strategy. It is only when the breach actually happens that people start to (frantically) pull together a plan.
Pro tip: Develop your crisis communication plan when you have time to think clearly and put forward your best, most thoughtful work.
In other words, when you're anticipating a crisis, not reacting to one.
By putting together a plug-and-play plan ahead of time (that can be later customized to meet the needs of the specific crisis that unfolds) it will allow your team to act significantly faster during a time of crisis.
Speed is key to crisis communication success. Every hour you are not telling the story, someone else might be. Planning ahead will dramatically increase your time between crisis and action.
When putting together your company’s unique crisis communication breach strategy, here are a few questions to ask yourself:
To get a better idea of how all this plays out, let’s take a look at a company who had to put an effective crisis communication strategy into action — Anthem.
In 2015, Anthem — the second-largest U.S. healthcare insurance provider — was the the victim of a data breach. Using a stolen password, hackers broke into Anthem’s database which contained the personal information of 78.8 million current and former members and employees, making this the largest breach to impact the healthcare industry to date.
So, how did Anthem handle this massive crisis communication challenge? With help from the Ketchum PR agency, Anthem knew that time and transparency were the two keys to surviving the crisis and maintaining trust with customers. Anthem’s VP of PR, Kristin Binns was quoted as saying “customers expect organizations to communicate about breaches as soon as possible and transparently.”
In addition to executing a notification plan within one week of breach, Anthem also launched a microsite that could be accessed from the company's homepage. The microsite included an FAQ and letter from CEO, Joseph Swedish, which was also shared via social channels and emailed to customers who opted to receive information from the company.
1/ Anthem was the victim of a cyber attack. No evidence medical or credit card information was compromised. More at http://t.co/ilKRmawhM6
— Anthem, Inc. (@AnthemInc) February 5, 2015
Lastly, customers impacted by the breach were offered free credit monitoring services for two years and a $1 million identity theft insurance policy from AllClear ID.
Note: Let’s not confuse an effective crisis communication strategy for a magic wand. Anthem’s communications team could not simply execute and hope the breach went away. However, their effective strategy ensured customers were able to get the answers they needed, showed Anthem was now in control of the situation, and avoided pouring gasoline on a volatile situation. Had their crisis communication strategy not been in place, the entire situation may have ended much worse.
Major takeaways: Speed matters, transparency is critical, and owning the breach is important.
Over a year later, the FBI is still investigating the attack and to-date there has been no evidence that Anthem member’s data has been sold, shared, or used fraudulently, according to an Anthem spokeswoman. While there have certainly been significant insurance and legal consequences of the breach, there has been no impact on membership or profits according to quarterly earnings calls.
It is so easy to play “Monday morning quarterback” and swear you would never handle a situation the way company X did. In reality, when a crisis hits, sometimes our better judgement goes out the door and we begin to think reactively vs. strategically. This is why the pre-planning stage is so critical. Instead of pointing fingers at those who have struggled to handle breach crisis communication seamlessly, let’s collectively learn something from it.
Target’s infamous 2013 data breach provides us with an a great learning opportunity. When 40 million customer payment cards were compromised, Target made the decision to not make the breach public until they were later exposed by Brian Kreb’s popular security blog Krebs on Security.
To make matters worse, once customers became aware of the breach they frantically attempted to reach customer service only to find that the lines were jammed. Target’s crisis communicate strategy (or lack of strategy) clearly violates our three keys to success: owning the breach and reacting with speed and transparency with customers. We all know how that breach story ended… the CIO and CEO resigned and hundreds of millions of dollars were lost.
Had Target quickly informed customers about the breach and been transparent about what they knew and how they were addressing the problem things very likely would have ended differently.
If you take one thing away from this post, let it be this: Now is the perfect time to start thinking through your breach crisis communication strategy, not when a breach actually impacts your business.
Maya is the Director of PR at Barkly. She has a strong background in media relations, crisis communication and media training. When not at the office, Maya expresses her creativity through digital photography and abstract painting.
Get the latest security news, tips, and trends straight to your inbox.
Get the latest security news, tips, and trends straight to your inbox.
ebookNew eBook:
5 companies, 5 attacks, and the reality of ransomware recovery.
close
Keep in Touch
© 2018 All Rights Reserved. Barkly is a registered trademark of Barkly Protects, Inc. | Privacy Policy and Terms of Service