The reputational injury following a data breach can be severe. Indeed, reputational injury – including lost customers – often surpasses legal liability.
Effective management of the reputational impact of a data security incident requires both a proactive and a reactive strategy. The proactive strategy assumes that the organization will control when, and what, information will be conveyed to the public, media, and impacted consumers. Many organizations choose, as their proactive strategy, to wait until their investigation of an incident is complete so that they can provide the public with the most accurate and meaningful information.
The reactive strategy anticipates that the public may be alerted to a possible security incident at a time when the organization does not yet have full or complete information. The reactive strategy must carefully balance the need to respond to requests from the public against the fact that the requested details may not be known to the organization. While the pressure to provide information can be significant, providing inaccurate, incomplete, or preliminary information can confuse consumers, increase the likelihood of legal liability, and, in the long run, lead to worse reputational injury. Due to the complexities involved, many companies retain third-party communications, public relations, or reputational consultants to help manage reputational impact. The following provides a snapshot of information regarding reputation management.
Percentage of people who reported that they “trusted” family-owned businesses.1
Percentage of people who reported that they “trusted” big business.2
Percentage of customers who boycott a retailer if a data breach has been reported.3
$3,964 - $240,000
Range of money spent on a crisis management or public relations firm following a data breach.4
What to think about when retaining a consultant to help manage the reputational impact of a security incident:
1. 2015 Edelman Trust Barometer, 7, http://www.edelman.com/insights/intellectual-property/2015-edelman-trust-barometer/trust-and-innovation-edelman-trust-barometer/executive-summary/.
3. Interactions Marketing, Retail’s Reality: Shopping Behavior After Security Breaches, Retail Perceptions (July 2014), http://www.interactionsmarketing.com/retailperceptions/pdf/Retail_Perceptions_Report_2014_06.pdf.
4. Net Diligence, Cyber Claims Study 2015 (2015), https://netdiligence.com/wp-content/uploads/2016/05/NetDiligence_2015_Cyber_Claims_Study_093015.pdf.