Public Relations After Cyber Attack / Data Breach Incident
Cyber attacks and data breaches are now ranked as the top threat to a business’s reputation, along with environmental incidents. According to the Reputation Institute, a “reputation” is the emotional connection stakeholders have with a company. By bringing to light negligence within the company, a data breach/cyber-attack can break the emotional connection between the company and its stakeholders. Poor publicity and negative perceptions follow, spurred on by ever-active social media campaigns, text messages, and other forms of instant communication made possible by technological advances. The double-edged sword of the internet strikes; harmful information can spread in an instant. Unfortunately, a loss of customers and fall in share price often leads to financial loss for the business.
A Ponemon Insitute study—The Aftermath of a Mega Data Breach: Consumer Sentiment found that 29% of existing customers would discontinue relationship with the company after a data breach.
Building Trust with Customers after a Data Breach/Cyber Attack
How a company responds to the event, along with how quickly and skillfully it communicates with those affected by the incident, can greatly affect its success in retaining customers. Most companies spend large quantities of time debating on whether to go public about the cyber-attack/data breach. By doing so, they waste valuable time during which customer identities may on sale on the black market. Catch of the Day, Australia’s online department store, took 38 months to report a data breach that happened in 2011—a staggeringly long span of time during which much harm was likely done.
Communication after Cyber Attack/ Data Breach
Mandatory notification law does not exist in Australia. However, OAIC guidelines do stipulate notification to affected clients after a data breach. For data breach notification letters, companies must provide true facts. Consumers seek an honest answer from the company about the data breach and also expect directions on how best to protect their personal information. Consumers are likely to be most fearful about their stolen identifies and possible financial losses, and are at the highest danger of losing trust in the company at this stage. Receiving a personal letter from the business can go a long way in creating or maintaining trust—investing time in the customers will grant them a sense that they are being cared for and protected.
Other stakeholders, such as investors, are more likely to be concerned with how news of the breach could affect the stock price and the valuation of the company; in this time, it is important for them to learn about acts of restoration and recovery being performed by the business.
Communication media for reaching out stakeholders need to be evaluated. Twitter & Facebook provide an interactive option to post messages and for customers to vent their fears, giving companies the opportunity to respond and reassure the troubled public.
Businesses must post the right message on their website as soon as possible, as it serves as the most trusted source of information. Customers are most likely to go to a company website to check out the true version about the cyber attack/ data breach. By quickly informing the public, businesses can minimize the rumors and speculations sure to spread.
According to the Ponemon Study, a vast majority of respondents found details about data breaches in the media useful for understanding the extent of data compromised and taking actions to protect their personal information from identity theft.
Cost of Crisis Management
Restoring reputation involves an expensive, lengthy process and may never be fully complete. A cyber-attack/data breach places the burden of extra cost on the business. Companies may need to hire Public Relations firms to work out crisis management strategies. A PR firm with experience in managing crisis communications and damage control can help in rebuilding credibility for the company and its brand—a crucial element for business hoping to recover.
Cyber liability/data breach insurance offers a comprehensive risk management solution for assisting in cyber-attack and/or data breach crisis management. Coverages such as the following (depending on the specific policies and endorsements) are included:
Crisis management and customer notification expenses: Emailing/ posting letters, telephone calling with a personalized message for each individual affected by cyber attack/ data breach explaining the data breach. Target, after its cyber attack incident in December 2013, sent an e-mail from CEO Gregg Steinhafel explaining the breach, apologizing, and offering free credit monitoring services to all customers whose data was stolen.
According to a study by Ponemon Institute in 2012, the average notification expense for a company in Australia was USD 219,986. Companies with insurance could have this cost alleviated.
Credit/identity theft monitoring cost: Cyber liability/data breach insurance helps in monitoring of credit card usage, credit card numbers, reissue of credit cards help in post breach personal identity protection. It also serves as a good PR tactic as companies admit to the breach and promise to work with their customers to mitigate all possible harm.
Public relations consultant fees: Hiring of PR consultants to offset reputation loss and re-establish trust of customers may include paying PR consultants. Cyber liability/data breach insurance coverage includes PR consultants fees under PR expenses.
In managing the crisis after a cyber-attack/data breach, a business must communicate not only with its customers, but also with the shareholders employees, regulators, and the community. Corporate boards are increasingly viewing cyber attacks as a risk. The Social & Reputational Capital of a business is dependent upon trust, communication & relationships. PR firms may find cyber attacks/data breach incidents as an opportunity to provide a benefit to the world of business and the society.
As can be seen, cyber-attacks and data breaches are far from simple issues. However, with effective and timely communication and the help of Public Relations professionals, companies can restore and rebuild their reputations. As always, preparation is exceedingly helpful. Knowing the proper steps and measures discussed here before a crisis strikes could be the difference between a serious blow to your company or a minor bruise. Choose the latter.
“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”