If you ask a CEO what event could cause the most harm to their business, there is a good chance that a data breach ranks quite high on the list of concerns. More often than not, the most harmful impact of a data breach relates not to the data itself but to the company's reputation, which can be irremediably tarnished.
Preparation, communication, and trust are the key pillars that underpin a successful data breach crisis management plan. Being supported by a strong and united multi-disciplinary team of experts, and taking on your responsibilities early on, are prerequisites to navigating these stressful times.
A webinar held by our partner agency Shillings helped us shed some light on the critical steps to follow to mitigate the risks and dangers resulting from a data breach crisis.
A data-breach crisis management timeline is often articulated around these four main phases (these are not necessarily chronological; they will collide most of the time).
The hours following the discovery of the breach are critical: it is during this phase that most of the decisions will be made. Management sets the tone for how the breach will be handled, and the containment plan is launched.
If a mistake is going to be made, it will be made early and is likely to impact the whole management of the crisis. It is paramount to get your core facts straight to define the most appropriate technical containment and communication plans.
High confidence in these facts and high levels of trust between the technical and management teams are essential, but a certain degree of flexibility is needed to adapt to new information coming in waves.
The risk assessment phase enables the parties that have been breached to investigate which data subjects have been affected, whether they have special characteristics that need to be considered, and the amount and nature of the data that has been breached or lost (sensitive data).
If the data breach results in a violation of individual rights, the risk is much higher and calls for a stronger reaction from the company. Interest from the media will also be higher.
In terms of communication:
Overall, the principles of empathy, responsibility and accountability are widely shared values worldwide and will be assets in communicating about a data-breach crisis, regardless of the jurisdiction. Help your stakeholders understand what you are doing, why you are doing it, and how it is going to be fixed. If you are unsure about the end liability, it is better to err on the side of taking more responsibility than too little.
Once you have forensically captured all the information you can, it is strongly advised to sit down with the management and breach management team at a later stage to review the protocols.
It is a “best-effort” obligation to develop best practices within the company and be better at predicting and handling unpredictable situations in the future.
Are you all well prepared to handle a cyber crisis or a data breach? Do you need advice in developing a solid crisis communications plan? Our Account Director Marion sheds light on the four most critical phases of preparing and implementing such a programme to protect your reputation. She will be happy to help.