A Communicator’s Guide to Responding to a Data Breach


Sandra Fathi - 224x180By Sandra Fathi, President & Founder, Affect

Every day the news is riddled with headlines regarding the latest data breach and it seems that no organization is immune – from government entities to retail stores and from travel sites to security companies. It’s no longer a matter of ‘if’ but ‘when’ your organization will experience a data breach. In addition to the material damage and potential revenue impact, companies often fear the long-term effects of a poor reputation in dealing with this type of crisis.

If you are sitting in the public relations department, it’s going to be your job to defend your company’s reputation and build back customer trust.  Here are four recommendations to help guide you in protecting your brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan
In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to diffuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

There are four phases of crisis communications: readiness, response, reassurance and recovery. In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice – develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.

2) The Customer is Top Priority
Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred – the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach including the timeline for those communications. If time elapses before official notifications are sent, you could be facing fines as well as a backlash from customers and the media.

In the wake of a data breach, urgency, empathy and transparency are absolutely crucial. Not being upfront with customers can result in a loss of confidence in the brand that can hinder not only the company’s reputation, but could impede recovery.

3) Monitor the Situation in Real-Time
Social media can be a powerful tool but ‘with great power comes great responsibility.’ While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last minute shuffle. Don’t shy away from angry customers who continuously post negative comments. Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes
For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customers and to the public to reassure them that a similar breach will not reoccur.

Most communicators do not have control over the systems and procedures that govern security in their own organizations. However, preparing a crisis communications plan prior to a breach can help ensure that, companies protect their reputations, customer relationships and revenue in the long term.

 About the Author: Sandra Fathi is President and Founder of Affect, a public relations and social media firm specializing in technology, healthcare and professional services. Sandra is an expert on crisis communications and is a sought-after speaker and writer on the topic. She is currently on the board of PRSA-NY and the PR Council. She can be reached at sfathi@affect.com or on twitter at @sandrafathi.  

Leave a Comment