The Costs of a Cyber Crime
The price tag of a security breach is staggering, with an average cost of $1.2 million. Cyber crime will cost the world in excess of $6 trillion annually by 2021 and financial costs are not the only consequences.
Ransomware attacks are the #1 cyber threat to businesses and are growing at a yearly rate of 350%. These often start with a simple phishing email and can lead to the complete shutdown of business operations. One-third of companies surveyed claimed their company lost intellectual property due to a cyber-attack and 36% of them believe the attack reduced their competitive advantage.
In today’s globalized business environment, organizations of all sizes face the prospect of falling victim to a cyber-attack or IT outage that could cause serious damage to its infrastructure and ability to operate.
Despite the improvement of cybersecurity techniques, criminals continue to develop sophisticated ways to disrupt systems and steal data. The need to prepare for cyber-attacks is more important than ever.
According to Cisco’s 2017 Annual Cybersecurity Report more than one third of the organizations that experienced a cyber breach in 2016 reported a loss of customers, business opportunities and revenue. The 2017 SonicWall Annual Threat Report reported an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. In March 2016 alone, ransomware attack attempts rose from 282,000 to 30 million.
Communicating With Customers After a Breach
A security breach is a crisis and despite the conditions and cost, some businesses don’t communicate effectively to their customers.
A “data breach notification” is the formal term for the email you send to let customers know that there’s been a security breach. There are a few steps to getting this right, and the most important one is to treat your customers as humans first.
Here are some steps you can take to ensure you communicate effectively with customers:
- Be transparent about what happened
- Empathize with your customers
- Pay for an identity protection plan
- Give an incentive for loyalty
- Outline the ways you’re fixing the vulnerability
Be transparent when it comes to a security breach and your crisis communications. While your team is busy containing the security problem, communicate quickly, directly and honestly with affected customers and other stakeholders time is of the essence.
While every situation differs, your company’s initial communications to customers should include:
- A summary of what happened, and what information was affected by the breach
- What your customers need to do to protect themselves
- What you are doing to improve security in the future with as much detail as possible
Make it easy for customers to contact you. Include how they can get in touch with you either by phone or email and encourage them to contact you for assistance or questions.
Provide a briefing document to everyone in your company who interacts with customers and coach your front-line staff to convey empathy to customers and ensure they reinforce how seriously you’re taking this threat.
After the dust settles, evaluate your customer communications response to the security breach.
- What happened?
- How did it happen?
- What did you do right?
- Where could your company improve?
- How could you do better next time (it can happen again)?
The best way to manage customer communication during a security breach is to be prepared. Crisis preparedness is the defining factor in how well your company and its reputation weather a crisis. While no one can predict what will happen tomorrow, the likelihood of a cyber-attack is high. A good plan provides a solid foundation on what to do and how to do it.
Even the most thoughtful and effective security breach notification isn’t the end of a successful data breach response. One point of communication will never be enough with a customer support issue this huge.
If you want to maintain and attract back customers, you need to follow through on the dialogue you started. Keep your stakeholders and customers up to date on new security measures and take the leadership position by taking preventative steps in your industry to educate the public on a topic we just don’t talk about enough.