Developing a Data Breach Communications Plan

Data breach, data breach, data breach...

It seems a major data breach hits the front page of Google News every week. These kinds of news updates can be frightening for consumers and businesses alike. But even more terrifying might be the data breaches you don't hear about.

According to CSO, more than 50 percent of SMBs suffered security breaches during the period between the summer of 2015 and July of 2016. Data breaches impact small businesses just as they do big-name companies.

In response to the growing problem, many small business owners have adopted cyber coverage insurance. This is a smart move. Cyber insurance covers financial damages brought on by data breach. Certain plans also cover consumer credit monitoring, legal fees, and network repairs.

Still, even with all the problems data breaches can instigate, many companies neglect to develop a communications plan. Well, at least until they are forced to do so. Below, CyberPolicy will show you how to craft your data breach communications plan and discuss why this is so important.

Breaking the Bad News in the Right Way

"When a data breach happens, there is nothing worse than trying to figure out how to manage the crisis on the fly as it is still happening," writes Harvard Business Review. And they couldn't be more accurate in their assessment.

Data breaches are among the top three incidents affecting brand reputation, says Ponemon Institute. If these incidents are not handled carefully, you could torpedo your own good name. That's why it is so important to think ahead and plan what you are going to say. Hopefully, you'll never have to put your plan into action. But we all know hoping won't avert disaster.

Here's how to craft your own communications plan.

Decide who will take the reins. Pick someone to oversee the communications process from start to finish. This should be an employee with clout who can instill confidence in your organization. They should also be empowered to inspect every touch point along the way.

Task your security team. Whether you employ an internal IT team or an agency, you'll need someone to determine how the breach occurred. Make sure they inspect the network for secondary attacks, signs of incursion, and opportunities for improvement.

Determine what needs to be disclosed. If the breach contained consumer information, you'll need to disclose that to law enforcement, your cyber insurance provider, and the public. Be sure to share your findings early and carefully. You don't want to withhold important information, but you also want to inspire confidence.

Work with your PR team. Not all publicity is good publicity. If you suffer a data breach, be sure to connect your spokespeople with advocates in the media. You can't put a good spin on a cyberattack, but you can let the public know you are doing everything you can to remedy the situation.

Establish rolling updates to the public. This isn't a one-and-done communication situation. Deliver ongoing briefings as your investigation progresses.

Share what you've learned. Once everything is wrapped up, discuss how the breach occurred. This will provide valuable information to security experts and other businesses to help them avoid a similar incident.

Revisit your plan regularly. Don't just write up your communications plan and forget about it. Update it once a year or once a quarter, depending on your needs.

If you are worried about the consequences of data breach, CyberPolicy is here to help. We can connect you with a lauded cyber coverage insurance provider free of charge. Visit CyberPolicy for your free quote today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375