Admitting that your company has experienced a breach can be difficult. A breach can lead to a negative perception of your business, and most people will likely blame the company instead of the hacker or cybercriminal. In fact, according to recent studies, a data breach can cause 65% of consumers to lose trust in a business and 85% of consumers to stop engaging with an organization.
However, transparency with your customers when a breach happens can be the best course of action if you want to limit damage to brand image and reputation, and in the future it may be a requirement. In light of recent disclosures, new regulations proposed by the SEC in early March are more relevant than ever.
Proposed SEC disclosure rules
A lack of transparency regarding a breach can have severe consequences, especially when considering the proposed SEC rules. These proposed rules would require a company to notify customers (and other at-risk parties) within 96 hours of a material breach, along with the disclosure of senior management’s role in cybersecurity risks.
The proposal indicates an increased expectation that company executives should play a role in cybersecurity risk management. This will likely lead to the view that, if a breach occurs, the quality of the response will also rest more on executives’ shoulders.
Even if the SEC doesn’t move forward with the rule, there are still instances that show delaying or attempting to avoid transparency can be costly.
In addition, the FTC has already provided guidance on the legal requirements for businesses after a breach. These include the requirements to notify certain entities in the event of a breach, which vary by state and business type.
Negative implications may come with admitting to a breach, but delaying notification to consumers may make manageable consequences insurmountable.
Prepare for the worst to avoid the worst
The first step in data breach preparedness is having a plan in place for both early breach detection and response. Establishing a relationship with an enterprise-oriented cybersecurity platform prior to a breach is essential for preparedness and response alike. Not only will this help prevent breaches from occurring, but it will be something your company can point to as proof that you have taken steps to protect customer information in the event of a breach.
Timing is key
You have an obligation to inform consumers that there has been a breach and explain what you’re doing to protect them. As word gets out about the breach, you will want evidence that you have already taken steps to mitigate harm to anyone who may have been affected by it.
Protect what you can
Breaches can have far-reaching consequences that deeply impact customers. Providing individuals whose information was compromised with privacy protection or credit monitoring services can give them the tools needed to limit further problems.
Providing resources for customers to contact if they experience issues related to the breach can help you identify any new developments. Customers need to feel heard and valued post-breach, and this can be an effective way to provide them with a voice as events unfold.
What you do in the wake of a data breach can have lasting consequences on your brand and image
While no company is immune to breaches, coming forward about a breach is easier when you can show your company hasn’t been negligent in preparing for one. With a breach response plan in place, you can point to a road map to reassure customers that you have the situation under control.