Customers and clients put an extraordinary amount of trust in business, and the negative effects of a cyber incident can damage that trust. In fact, consumers are becoming much more selective with their purchases and investments, especially regarding cybersecurity. A 2020 Vertias study found that 40% of consumers personally blame CEOs for security breaches. This trend is expected to grow as technology permeates the consumer market.
To remain competitive, companies must be transparent in their cybersecurity policies and communicate incidents to the public. How should you share the difficult news in the case of a cyber incident? Here are some best practices to include in your organization’s response plan:
Be Honest and Open About What Happened
Though it isn’t easy to announce a cyber incident to customers and clients, it is critical to communicate the issue honestly. Establish who has been affected, the data exposed, and the potential impacts of the breach. Announcements should explain the steps your company intends to take to remedy the breach and how the factors that caused the incident have been fixed. Share steps you are taking alongside law enforcement to ensure the public that you are working with the proper authorities. Contact affected customers regularly with updates.
In 2017, a compromised security vulnerability at Equifax exposed almost half of the American population's personal data. It took nearly two months for Equifax to disclose the incident, further damaging public trust. Consumers want to know how to respond to any personal data compromises, so it is essential for companies to communicate incidents quickly. Communication should be proactive and reciprocal to ease the fears and concerns of data compromise. Your whole team will need information about the incident, including key stakeholders, your board of directors, and any vendors who may be affected by the breach.
What to Include in Your Customer Communications
- What customers should do to protect themselves.
- A summary of what happened and what information was affected by the breach.
- Action required on the part of the customer.
- How your company will improve security.
Establish Clear Communication with Customer-Facing Employees
Employees working in a customer support role must be briefed with as much detail as necessary to handle questions and concerns. Be sure all messaging is consistent and clear. Update employees as the situation progresses, and don’t forget to inform them when the threat has ended. In the case of ransomware or malware, a bad actor may be able to monitor internal communication to determine if you have noticed the breach. Have backup methods available offline, such as a phone tree or messaging service outside your system to communicate internally.
Monitor Social Media to See What Your Customers and Stakeholders are Saying
Information travels quickly, especially on social media, and falsehoods and rumors can damage your reputation. Negative feedback increases the risk of reputational harm. To facilitate trust, assign specific people to monitor social media feeds and reply to posts or direct messages. Customers may be angry or fearful, so it’s crucial to address these concerns with speed and sensitivity.
Prepare for Future Incidents with Lessons Learned
Unfortunately, cyber attacks are inevitable in our interconnected world, and no system is 100% secure. Taking strides to implement reform and upgrades to your digital landscape is an important part of repairing trust and restoring your brand’s image. Share your efforts to improve security with your customers to demonstrate that you are investing in data protection. This should also include the steps you’re taking to prevent future attacks. Don’t forget to include press releases in your communication to establish credibility.
Every business is at risk of a cyber attack. Create a crisis communication plan ahead of time so you are ready to respond to cyber threats in a quick and effective manner.