July 01, 2014

You’ve been breached. Now, how do you publicly respond?

Earlier today, Forbes published an article which includes my take on how companies should behave after a data breach, especially on the customer communications front, to make sure that they maintain customer loyalty and trust.

Talking to Forbes, I mentioned that we believe that organizations should act on multiple fronts, some pre-incident and some post-incident.

One of the things that past breaches and disclosures have taught us is that companies are sometimes reluctant to provide details about what happened and how. This can be the result of two main things: internal miscommunication and lack of technical monitoring controls.

Public Communications

I believe that CMO–CEO collaboration is critical in the case of a data breach. On one end of the scale, companies release incident disclosure notifications that seem aggressive or, on the other end of the scale, vague. This is where the CMO is key: communicating in the proper way, through the proper channels, and pausing to think before releasing a statement may change the entire tone of a disclosure notification, and therefore change the business impact.

Technical Controls

Disclosure notifications often lack breach details. And, as a customer, you can never tell if it’s because the company is hiding details, or they just don’t know! That’s where public trust is on the line. I would absolutely trust a company that tells me that they got breached in this certain way, on this specific date, and that they have resolved the issue. I’m not so sure I would trust a company that says “we have been breached, everything is fine now.”

In order to provide these sorts of details, and actually find out how a breach happened and what data is at risk, companies must monitor their digital assets where they reside. Monitoring who accesses what data, where, and when will provide the details required to analyze an incident. Activity monitoring technologies around files, databases and more complex repositories like SharePoint would normally be able to detect those breaches before too much damage has occurred.
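As an added illustration (not code from the original post or from any product it refers to), the Python below turns an activity audit trail into the facts a disclosure needs: which account, from where, over which dates, and which data was touched. The log layout, account names, addresses and paths are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample audit trail (an assumption, not data from the post).
# Columns: timestamp, account, source address, repository, object, action
SAMPLE_AUDIT = """\
2014-06-02T09:14:03,jsmith,10.0.4.21,file,/finance/q2-forecast.xlsx,read
2014-06-02T09:15:40,jsmith,10.0.4.21,database,crm.customers,select
2014-06-10T02:03:11,svc_backup,203.0.113.7,database,crm.customers,select
2014-06-10T02:03:59,svc_backup,203.0.113.7,database,crm.payment_cards,select
2014-06-10T02:07:25,svc_backup,203.0.113.7,sharepoint,/sites/hr/salaries.docx,download
2014-06-11T02:01:48,svc_backup,203.0.113.7,file,/finance/q2-forecast.xlsx,read
2014-06-11T08:30:00,adavis,10.0.4.35,sharepoint,/sites/hr/policy.docx,read
"""

FIELDS = ["time", "account", "source", "repository", "object", "action"]

def load_audit(text):
    """Parse the CSV audit trail into dicts with real datetime values."""
    rows = list(csv.DictReader(io.StringIO(text), fieldnames=FIELDS))
    for row in rows:
        row["time"] = datetime.fromisoformat(row["time"])
    return rows

def incident_summary(rows, account):
    """Answer who/what/where/when for one account under investigation."""
    hits = sorted((r for r in rows if r["account"] == account),
                  key=lambda r: r["time"])
    if not hits:
        return None  # no recorded activity for this account in the trail
    touched = defaultdict(set)
    for r in hits:
        touched[r["repository"]].add(r["object"])
    return {
        "account": account,
        "first_seen": hits[0]["time"],
        "last_seen": hits[-1]["time"],
        "sources": sorted({r["source"] for r in hits}),
        "data_at_risk": {repo: sorted(objs) for repo, objs in touched.items()},
    }

if __name__ == "__main__":
    summary = incident_summary(load_audit(SAMPLE_AUDIT), "svc_backup")
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Without a trail like this across file, database and SharePoint activity, none of the four fields in the summary can be filled in, which is the gap behind a "we have been breached, everything is fine now" notice.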

While a data breach may damage a customer’s trust, being knowledgeable and responsible as a company will help maintain that trust.
