Is Your Company Prepared to Communicate a Data Breach?

By Greg Beuerman

According to Business Week one in four US companies has already been victimized by a data breach. The FBI and other federal agencies claim there are only two kinds of companies in the world: Those which have been victimized and those that will be.

Is your company prepared to communicate with your key stakeholders when your number gets called?

Several months ago, BMF led a panel discussion for more than 100 leading Louisiana businesses on this very topic. Here are a few of the most important take-aways from our comments.

  • A candid risk assessment should lead you to understanding who your key stakeholders are and which ones should take priority once you’re sure you’ve had a breach. Not every stakeholder audience merits the same degree of early attention so set your priorities in advance, before you are tempted to respond emotionally.
  • Make sure your legal counsel approves every word you say or put in writing, and that your legal counsel understands all relevant federal and state laws and notification requirements. Documenting your actions is critical to protecting your legal rights.
  • Have your crisis / breach management team identified in advance, along with the roles they’ll each play if the bell goes off. Make sure you’re speaking internally and externally with a single, consistent voice.
  • Context is king. Make sure you’re putting what happened into an appropriate context so that you’re controlling your stakeholders’ anxiety and speculation.
  • Know your communication priorities in advance.Communicating a cyber or data breach is less about dealing with the media and far more about alerting and shoring up your main stakeholders: employees, vendors, customers, financial institutions and the regulators.
  • If your data breach does make the news, be sure to closely monitor both mainstream media and social media commentary for any inaccuracies or for rumor mongering by your competitors or others who seek to damage your reputation or business stability.
  • Even though your company has been victimized, don’t act like you’re the victim. The real victims might be your employees, vendors, customers or others whose personal and financial information may have been hacked.
  • Be the fastest and most credible source about what happened, why and what you’re doing about it. Create and drive your own narrative instead of responding to somebody else’s. 

In short, don’t be deluded into thinking that you and your company are immune from cyber attacks or breaches. In the current Covid-19 environment, with more professionals working remotely than ever before, companies need to be hyper-vigilant and prepared when it comes to cybersecurity.

For more information about how to best plan for and respond to a data breach, contact Virginia Miller or Greg Beuerman at 504-524-3342.