Regaining Trust After a Data Breach
Any business of any size can become a victim of a data breach. We tend to think of data breaches as a threat to large organizations, but the following figures show how broad the threat actually is:
- A Verizon Data Breach Investigation Report based on an analysis of more than 79,000 security incidents, including over 5200 data breaches, found that 28% of data breaches affected small business victims [1].
- The Thales Data Threat Report by 451 Research surveyed 2600 executives from a range of industries and found that 45% of US companies have suffered a data breach in the past [2].
- The National Cyber Security Alliance found that 60% of small firms go out of business within six months of a data breach [3].
- Research from PCI Pal found that 83% of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach, and 21% of consumers claim they will never return to a business post-breach [4].
Of course, prevention is key; follow best practices for protecting sensitive data to minimize your risk of a data breach. That said, attackers constantly evolve their methods to make attacks more lucrative and stealthy, and even diligent effort may not be enough to stop them. If your organization becomes their next victim, regaining the trust of your clients, customers, and stakeholders will be a primary concern. Here are some tips to navigate this situation:
Address the cause. Take all systems offline and isolate them until the cause of the data breach has been addressed. The only thing worse than a data breach is having to tell everyone affected by your data breach that there has been yet another data breach. Having an incident response plan in place can make this step easier.
Communication: legal. All 50 states in the US have data breach notification laws that outline the responsibilities that organizations have regarding notification of affected parties following a data breach.
Communication: personal. This is personal. Your organization is responsible for the data it has collected, and this data belongs to real human people with feelings. An appropriate response will require honesty and tact. Do not try to hide or minimize the data breach, and expect that news of it will be traveling concurrently (or faster!) on social media. It would be wise to have an individual pre-appointed as the public relations liaison who will be the face of your organization as you navigate this crisis.
Offer help. Offer the affected parties tips and tools to protect themselves from data breach-related hacking, such as advice about how to manage their passwords or dedicated support lines to answer their questions.
Reward loyalty. Other organizations may take this opportunity to lure business away from you. Reward your customers, clients, and stakeholders who have stood by your organization during this difficult time.
Tighten up. Your data can be breached in any number of ways, so don’t simply address the singular vulnerability that was successfully exploited by cyberattackers. Look for comprehensive cybersecurity solutions that can protect your organization from a broad range of threats.
[1] Verizon, 2021, “Verizon Data Breach Investigations Report”
[2] Thales, 2021, “2021 Thales Data Threat Report”
[3] National Cyber Security Alliance, 2012, “America’s Small Businesses Must Take Online Security More Seriously”
[4] PCI Pal, 2019, “New Global Research Shows Poor Data Security Practices Have Serious Consequences for Businesses Worldwide”