In a recent survey, when 2,000 people were asked if they would do business with a company that had been breached, 86% of them said no. When sensitive data is breached, brand and corporate reputations suffer, as do stocks and consumer confidence. And what about the gut-wrenching sleepless nights endured by CEOs and CIOs asking themselves, “How did this happen?” and “What do we do next?”
After all, losing company money is no lightweight issue.
Yet companies that have been hit by data breaches are still around. Revenues may have dwindled and customers may have diminished, but the breach didn’t close their doors. Most of the loss and brand damage is temporary, albeit costly. But the companies don’t die on the vine. Over time, most do bounce back.
Why is that?
The Ponemon Institute puts data breaches up there with poor customer service and environmental disasters for impacting brand reputation. The damage a data breach can do if not managed properly is untold.
In today’s turbulent times, data breaches are becoming more common and many say that’s to be expected. But beyond the breach itself occurring, a critical issue is how it is dealt with once it occurs.
There are ten mistakes that companies often make in managing a data breach. Avoiding these oversights is a giant step to managing a worst-case scenario:
1. No external agency secured – some breaches are too big to handle in-house.
2. No engagement with outside counsel – unless your internal counsel are breach experts.
3. No single decision maker – every team needs a team leader.
4. Lack of clear communication – without it, expect chaos.
5. No communications plan – without it, expect delays, confusion and missteps.
6. Waiting for perfect information before acting – in a state of flux, change is ongoing.
7. Micromanaging the breach – trust the people to do their jobs.
8. No remediation plans post incident – engage with customers; share information.
9. Not providing a remedy to consumers – customers want answers immediately.
10. Failing to practice – practice often; iron out the wrinkles.
Since there is no formulaic means of measuring brand reputation, it’s fair to say that avoiding a data breach in the first place is the obvious primary goal. However, being prepared means having an incident response plan, a crisis management plan, full media training for any spokespeople, and regular tests performed to monitor resilience and response.