When companies suffer a data breach, it can be devastating to several parts of the business. And consumers are beginning to have more impact. IDC revealed that 80 percent of consumers will abandon a business if their personal data has been compromised.
The first reaction of managers and leaders is usually to turn to IT and security teams to fix the problem and counteract the damage that was done. However, this is often shortsighted. As cyberattacks and data breaches continue to increase, there are other parts of the organization that can help mitigate the consequences after applications or networks have been compromised. Below, we outline how organizations can regain consumer trust after being hit by a cyberattack.
In an ideal world, organizations would be able to get the message of a data breach out to their customers before they read it on the news. However, with the 24/7 news cycle and cyberattacks making headlines every day, this may not happen. If your customers have already heard the news, they may be feeling vulnerable and panicked, not to mention angry. After all, they trusted your company with their information, and it became exposed.
Your organization should do its best to ensure that it is the one to make the information public first. When sending an email notification or even a breach notification letter, remember to keep a calm and level tone, but also be apologetic and helpful. Put yourself in your customers’ shoes. Have some empathy. What information would you want to know during and after a cyberattack?
It’s important to be transparent. It’s transparency that builds trust. This means providing the full narrative of what happened by answering the following:
Who is at risk of being compromised from the breach? Was it users of a specific application or website?
What information was stolen? Was it usernames, passwords, financial information? It’s important to specify.
If your organization has multiple websites, applications or locations, where was the information stolen? Was it taken from the cloud, or an on-premise data center?
Why did the breach happen? Specify what exactly caused the unauthorized access to customer data. If you are still investigating the root cause, it’s important to tell that to your customers. These situations are often complex, and being transparent while educating your customers is an important first step in assuaging their concerns, as well as regaining their trust.
How can consumers move forward to best protect themselves, and how is the company going to fix the problem? Take full responsibility for what happened, and reiterate that your organization will do whatever is necessary to prevent these incidents in the future.
At the time of the notification, personalization is not recommended. Using content personalized to the specific customer can indicate that your company does not take privacy seriously. In these materials, it is recommended not to use first-name personalization.
Keep Consumers Informed of Progress
Sending a notification to your customers is only the beginning of gaining back trust in your brand. As the data breach investigation moves forward, it is important to continue to relay any information that is relevant to your customers. Sending a follow-up email or letter can reassure your customers that you’re thinking of how you can better protect them. Communication needs to be consistent, not random; random updates will make your customers feel like they are simply an afterthought, rather than a priority. Marketing and communications departments can also work with dedicated members of a customer service team to give the latest information on the breach. In addition, there should be a section of your website where consumers can find information, including how to contact customer service with any issues.
Ongoing Educational Content on Best “Cyber Practices”
After a data breach, consumers can be lost on how to move forward. Even after all of the details are explained to them and they are informed of developments in the investigation, they may be wondering how they can protect themselves from a cyberattack on any organization in the future. By producing educational content on how they can avoid becoming a victim of a data breach, you will lead them to turn to your organization as a trusted advisor again.
It’s important for your organization to produce content that will be helpful to consumers when the breach happens. Also keep in mind that everyone consumes content differently, so having multiple ways to get the information to them is crucial. Pieces of content could include a blog post with information on agencies that can help in the event a user or customer might be vulnerable to identity theft, and steps they can take to reduce that risk. Other examples include email campaigns, or videos from executives with cybersecurity tips including best password practices and how to avoid falling victim to
Keep in mind: the content must be written in a way where you are not blaming them for the breach, but rather helping them ensure their information is not compromised further in the future.
Breaches from Happening
At the end of the day, the best way to regain consumer trust following a cyberattack is to assure the public that you will do everything in your power to prevent it from happening again. Shift your company’s mindset to security-first and privacy-by-design. Organizations that suffer a breach should be asking themselves: what can we do better? Are all departments communicating? Does the right hand know what the left hand is doing? Is everyone in the organization aware of the security and privacy ramifications if an incident were to happen?
An assessment of current technology and gaps in security talent should be conducted and addressed throughout the months following an attack. In addition, all employees should be reminded to keep security at the top of their mind at all times. When consumers see an organization that is honest and taking steps to right the wrong that happened, they will begin to have trust in the brand
Matthew Hutchinson, vice president, WhiteHat Security