Responding to a Data Breach Starts at the Top
Leadership is always evolving in response to new challenges in the modern workforce. One of these challenges, cyberattacks, are a growing issue that cost businesses millions. In fact, IBM’s 2016 report shows that the average cost of a data breach is $4 million, a significant sum for many companies. There’s a lot more at stake than money, however. Data breaches can tarnish a company’s reputation, making it very difficult to win back customer loyalty and support. A leader’s response to a data breach can mean the difference between damage control and total chaos.
It Can Happen to Anyone
The first thing every leader should remember is that a data breach can happen to anyone. As globalization continues, breaches are becoming an even greater problem. Target, LivingSocial, Facebook, and other prominent companies have been the victims of clever cybercrime. It’s easy to think that a data breach is the kind of thing that happens to other companies—until it happens to you. No security system is completely un-hackable, and every company needs to have a breach response plan in addition to solid cybersecurity. Members of the team should know how to spot signs of an attack—and take that information to leadership immediately.
Handling a Breach Correctly
Good leadership during a crisis like a data breach is key to preserving morale and helping the company move past the incident. Everyone will have different opinions about how to proceed with the legal, financial, and PR aspects of a breach, and leadership’s role is to act as the guiding force to prioritize and help the business recover. There are certain steps to this process:
Step 1: Communicate, Communicate, Communicate
Leaders need to respond immediately following the data breach and prioritize communication. Internally, this means involving all departments in damage control and response protocols. Open and honest communication will mobilize the whole team and give leadership tools for responding to the crisis. External communication should also begin as quickly as possible. It is much better for news of a breach to reach customers and the media through the company’s own channels, rather than an outside source.
Step 2: Map out Important Values
There are many different directions to take the decisions that must be made following a breach. What relationships and resources are most critical to the business? Will lost reputation with consumers threaten to ruin the business? Will the costs of a data breach ruin growth potential? Prioritize based on the company values and current worst case scenario.
Step 3: Get the Whole Picture
A data breach is an extremely complex problem, and leaders need to be aware of every angle affecting the issue. Writing down all the possible consequences and considerations helps leadership gain awareness of secondary crises that can arise following a breach.
Step 4: Be Prepared to Pivot
Not everything will go according to plan, and leaders may need to change their strategy throughout the crisis. New information may come to light, ideas on how to make amends may prove impractical, and any number of other surprises can come along. It’s always best to consider some contingency plans, just in case.
Step 5: Prevent
This should go without saying, but companies who have been breached will need to do a serious investigation into the source of the breach. Once the hack has been identified, additional security measures should be put in place to prevent future attacks.
High-Profile Data Breaches
The healthcare industry has been faced with many security breaches in recent years, and many sensitive health records have been accessed illegally. However, one of the most visible breaches in recent years was the attack on Target, compromising more than 40 million customers’ payment information. The CEO took responsibility for the breach, was open, honest, and on message during an interview following the attack. He acknowledged that the company had been slow to respond, and promised to make it right. Shoppers didn’t run—Target gained enough goodwill from the response to retain many of their customers. This example shows that leaders can help mitigate a breach by communicating with clients and rebuilding the trust lost during a breach.
Turning a Bad Situation Around
There’s no way around it: data breaches are bad for business. No leader wants to have to step up and take responsibility during a security crisis. However, responding quickly and appropriately can help the company recover, and help prevent future problems. Employees look to the top in times of crisis, and it’s important for leadership to rise to the occasion.
Ryan Ayers has been a consultant for over five years within multiple industries including information technology, medical devices and logistics. Many clients call him the BizTech Guru. He is a freelance writer on the side and lover of all things related to business, technology, innovation and the LA Clippers.