Back to Menu
Connecting You To Opportunity
What can we help you find?
| Login| Sign Up
Back to Menu
  • Login
  • Sign Up

How to Bounce Back from a Data Breach and Regain Public Trust

By Dustin York, Last Modified
Oct 23, 2018
> Technology

For a company whose brand and reliability among customers depends on the security of private data, it's hard to imagine a nightmare worse than a major data breach. Facebook is the latest to deal with such a crisis in an especially public way: The social media company recently confirmed that 30 million user accounts were hit by a data breach in September. Even worse, the company also announced that hackers pulled personal information on almost half of those breached.

It's hardly a problem limited to companies centrally in the public eye like Facebook. According to the Data Breach Index managed by Gemalto, over 14.5 billion data records have been lost or stolen since 2013. Today, nearly 7 million records are compromised daily, Gemalto adds.

For companies that hold consumer data, it's safest to consider this a matter of not if, but when it could happen to you and to start to strategize the proper response. When leadership plans for a cybersecurity threat, communication must also receive planning and attention. This communication work should not be seen as taking away valuable time and resources, but, instead, be regarded as a key piece of proper preparation and should be communicated to leadership so they can allocate the necessary resources to this strategy.

As a public relations pro, consultant, author, and speaker who specializes in branding and communication (in addition to being a professor of communication at Maryville University), I've witnessed many companies bungle the communications side of this type of crisis while focusing exclusively on the cyber fixes. Don't let that happen to you. Take these four steps in the event your company's information (and that of your customers or clients) is breached.

1. Report the facts quickly.

First and foremost, make sure you are transparent about the number of users affected. Some organizations make a risky gamble by releasing a number much lower than the truth, which inevitably results in a double blow – a crisis situation when the numbers are first reported, and yet again when the truth comes out.

Second, while it's true that "communicate quickly" is a piece of advice from crisis communication 101, keep in mind that during a data breach, you'll face a more complicated set of issues. For example, you'll need to work with law enforcement prior to public communication. That said, during this waiting period, be aware of every last company action. Limit extravagant bonuses and other moves that could be called into question when you speak about the breach. 

2. Get comfortable with uncertainty.

Unlike other crises that an organization may face, you may not know exactly how far-reaching the breach really is for an uncomfortably long time. Although you must communicate as quickly as possible, remain humble in your apologies, honest about what needs to happen to get the full picture of the problem, and focus on your commitment to protecting past, current, and future customers and stakeholders. 

3. Bring in a third-party investigator to help.

Don't mince costs on this measure. Let your stakeholders know that you've hired the best cybersecurity investigators to discover the breadth of the breach and fix this and any other weaknesses that pose risks for the future. 

4. Offer concrete help – with no hidden agenda.

Equifax offered one free year of credit monitoring to customers when the company suffered a breach. Accepting the free year meant customers gave up any possibility of suing Equifax for the incident, which was stated in very small print. In the end, the move may not have helped Equifax's case. Focus on helping and doing the right thing, even if it means spending money.

If you maintain open lines of communication, take steps to offer help and protection, and focus on the customer before the bottom line, your various stakeholders will notice.

We all know and accept the fact that these days, our online lives are subject to hackers. While we hope companies are doing everything they can to protect us, many companies will experience some level of breach at one point or another.

What will truly make or break consumer trust and loyalty is how a company handles and rectifies these situations once they occur and what protections they put in place to prevent it from happening again.

Dustin York
Dustin York
See Dustin York's Profile
Dustin York, EdD, teaches as an assistant professor of communication and serves as the director of the undergraduate communications program at Maryville University. His PR experience spans the agency, corporate, and political realms; York has worked for major clients including Nike, PepsiCo., and Scottrade Financial Services and as the public relations consultant on a 2008 political campaign. York’s doctoral dissertation examined the relationship between speakers’ nonverbal communication and audiences’ recall of spoken information. His method increased information recall by 22 percent and was published inEntrepreneur magazine and PR Daily. In 2016, he was included in St. Louis Business Journal’s 30 Under 30 list. At Maryville, York has facilitated the launch of a student organization that tackles public relations projects for one client per semester. Clients have included the St. Louis Library and Safe Connections, an organization in St. Louis working to end domestic and sexual violence. He also serves as the faculty advisor toPawprint, Maryville’s online student newspaper, and Saints Talk, a student sports podcast.
Like the article? Sign up for more great content.Join our communityAlready a member? Sign in.
We'd love to hear your voice!
Login to comment.
LoginSign Up