According to the Ponemon Institute report, “2016 Cost of Data Breach,” the average cost of a data breach is $4 million.
For most organizations, this monetary loss can cause tremendous agony and yet, it’s only a fragment of the damage felt when experiencing a data breach. You’ve just been attacked and robbed; customers who trust you were violated. But, it’s important to maintain a level head so you can make the right decisions for your organization and consumers. The way you treat and communicate with your customers and key stakeholders during a data breach–or any crisis–can have a resounding, long-lasting effect.
Here are six tips for controlling cyber-crisis communications:
1. Retain cyber security professionals, immediately.
Data breaches are not a place for “learning on the job.” As soon as an organization learns of a data breach, it needs to contact a lawyer, a team of IT forensics experts and public relations experts. These three groups can ensure that as you handle and respond to the data breach, you are also following the law, minimizing current and future damage to your internal systems and protecting your reputation. It’s imperative that this inner circle of experts has experience in data breaches.
2. Determine a communication plan with business, legal and PR oversight.
Communications–or a lack of it–can make or break your organization’s reputation during a data breach. After the early facts of the situation become available, it’s important to craft a communications plan as soon as possible. Will you proactively share information about the breach with consumers? How will you prepare internal staff? Whom will you tell first? The answer to all of these questions should be based on both business and legal decisions.
3. Designate internal leaders.
Data breaches, like all crisis situations, move quickly and demand the attention of a senior manager who can work closely with PR experts and your legal team to approve communications materials in real time. It’s critical to have one direct senior manager to help steer the ship and work closely with your communication team, especially when details shift or new questions arise–whether that’s Wednesday morning or Sunday evening.
Though management may never need to speak with media during a data breach, media training is invaluable preparation for dealing with your board of directors or other key stakeholders. In addition to media training, you may want to consider having holding statements and Q&A documents at the ready to address media or consumer questions as soon as they arise.
5. Treat your clients as your most important audience.
Many organizations that are the victims of a data breach offer affected consumers fraud protection. This is a great step in helping to minimize damage to your consumers and to show them you truly care. However, often times the best way to repair your relationship with consumers is with a properly worded statement that is shared promptly and directly.
6. Control the story.
The best way to manage a crisis is by controlling the message and ensuring your organization leads the story rather than media delivering the news to your consumers, clients or board of directors. This may be easier said than done, which is why it’s essential to have the right PR team, with a long history of handling data breaches and managing crises, in your corner.
Get Ahead of a Crisis with Sikich PR
We hope your organization never experiences a data breach. But, by having a PR team in place, you’ll have one less thing to worry about if a crisis does arise.
Here’s are some of the ways Sikich PR counselors help clients during a crisis:
- Craft messages to match your organization’s tone and the situation at hand;
- Manage all aspects of media: from media training to handling all media inquiries;
- Control the story and minimize the negative effects;
- Prevent issues from escalating publicly and creating further harm;
- Act as reputation protection for your brand, leaders, employees and revenue base.
Contact Mack Reynolds, our Partner-in-Charge of Sikich Public Relations, for more information.