The list of notable organizations who have suffered a cyberattack is all too familiar. The likelihood of joining that list—whether by malware, ransomware or data breach—increases almost daily.
While the hazards are higher, so too is the cost of an attack. According to the Ponemon Institute, the price tag for each lost or stolen record containing sensitive or personal information rose to $201 in 2014, up from $188 in 2013.
And that’s just the beginning. When a cyberattack occurs, how an organization responds will determine whether there is long-term fallout and irreparable damage to the brand.
Ultimately, there is one audience who makes that determination: your customers.
Ponemon research found that customers are more likely to terminate their relationship with an organization that has experienced a security breach. Financial institutions top the list of industries most affected.
The key to maintaining customer loyalty during a time of increased anxiety is thoughtful preparation. Organizations that survive data breaches often have these three principles in mind during the preparation process.
Put Plans in Place
There are numerous steps to mitigate risk factors. Being prepared allows you to reap the benefits of a quick response, including relieving customer concerns. After a breach, customers want to know what happened and how your organization will help relieve any harm that may occur.
To be truly effective, an incident response plan must operate across all functions and involve key stakeholders. Hacking is not just an Information Technology issue; in the event of a breach, response efforts extend well beyond the IT department. A well-crafted plan will begin with the customer in mind and will be carried out by virtually every department in an organization.
A stagnant plan will be of little use. Hackers are constantly evolving their methods, and plans should be updated regularly and be flexible enough to deal with new types of threats. Additionally, plans must undergo end-to-end testing using data breach simulation exercises. A critical component of a successful response involves simulation testing with internal stakeholders and external partners that have a role in a live breach response.
Realize that Success Depends on Openness
Making public statements without a clear understanding of the facts can create confusion and mistrust while opening up further risk. However, remaining silent is not the answer either.
In 2010, the town of Poughkeepsie, New York, lost $378,000 when its accounts were hacked. The Town Supervisor blasted the bank on two counts. The first was obvious: failing to detect the breach. Nine attempts were made; four were successful. But equally galling to town leadership: no one from the bank explained the hack in person.
More recently, retail giant Target saw customer satisfaction with service drop more than 3 percentage points in the six months after its data breach. Among its high-end customers—who are more likely to use the company’s credit cards—that drop was 9 percentage points. Target was dinged for its slow response and its failure to point out how it would prevent such an attack in the future.
Companies in the midst of a data breach must be honest, open, and accurate in sharing available information. Having to go back and correct information that was previously released often escalates the situation further.
Put Customers First
Customers rely on the affected organization to make things right. Although frustrations associated with the attack are high, individuals frequently do not take steps to protect themselves. A survey found that only 27 percent of consumers had taken steps to protect their information in the wake of the Target attack.
Customers will judge harshly if they feel the organization has failed to protect them. This judgment can have a lasting impact on customer loyalty and the bottom line. That’s an important realization—one which should drive all of an institution’s cybersecurity efforts.
Free credit monitoring often is offered immediately to customers when a firm’s data has been breached. Yet customers continue to show that they resent being forced to register with an outside organization to receive the credit monitoring service. Explore all solutions and select the one that makes accessing protection as simple as possible for your customers.
Companies that put their customers first will make the right decisions every time. A cyberbreach response must be built with the customer in mind first.