PR tips for managing a data breach
A new National Cyber Security Centre is launching this Autumn in a bid to protect the UK and stem the tide of cyber attacks taking place daily.
The new security centre funded by central government will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues.
The move is to be welcomed. The government’s Cyber Security Breaches Survey 2016 (external link) reports that 65% of large firms detected a cyber security breach or attack in the past year. The greatest cost of a breach identified in the survey was £3 million.
According to the data, the average cost of dealing with one of these security breaches is £36,500 for a large business.
This is why Hiscox offers cyber and data risks insurance to a broad range of organisations, including charities, retailers, technology businesses and professional services firms.
This type of insurance is something you should consider taking if you:
- hold customer information such as names, addresses and banking information
- are reliant on computers to conduct your business
- have a website
- are subject to a payment card industry merchant services agreement
Want to know more? Read the what is cyber insurance? guide.
While free advice and support about how to prevent a data breach is readily available from the government and companies such as Symantec (external link), businesses need to do more than just improve their cyber security standards.
They also need to be ready to handle any communications around a breach, which is why the reputation management support included in Hiscox’s cyber and data risks insurance product is an important extra service.
An organisation that handles a data breach badly can seriously compound the issue through poor communications.
James Webster, Hiscox Technology, Media and Telecoms Claims Manager, says data breaches are common place and the media is taking an increased interest.
"Ransom attacks are increasingly common, and can come in all different shapes and forms. They can be virus, spyware or malware related, or an impersonation of your business.
"Data breaches where personal information or financial details have passed into the wrong hands continue to hit the headlines and this isn’t just an issue for businesses the size of TalkTalk and Ashley Madison."
Without good communication and strong leadership, organisations run the risk of looking inept or negligent and destroying any goodwill they may have built up in the past.
"If your business has been affected and then fails to communicate effectively, it will be a hard job to win back customer trust. Without the right support, many businesses will fail," says Webster.
It’s all in the planning
Issues don’t have to get out of hand if the right planning is done in advance.
Just as businesses should consider implementing the guidance on basic cyber security practice available through the government-backed Cyber Essentials (external link) scheme, they should also use a public relations consultant to develop a communication contingency plan.
A good PR consultant will work with all relevant parties such as legal, security, and IT to develop a protocol to follow the minute a breach has been detected.
From defining what information was compromised and who was affected, through to helping management implement the Regret, Reason and Remedy rule (external link), your professional advisers will help maintain trust in the organisation by preparing and updating media statements as the situation evolves and monitoring your reputation.
Cyber attacks and data breaches are a fact of business. The government may be investing in a new National Cyber Security Centre but it’s also down to industry to protect itself.
For business owners or employees interested in cyber security, the Hiscox Cyber Readiness Report provides an up-to-the-minute picture of the cyber readiness of organisations large and small. It also offers a blueprint for best practice in the fight to counter an ever-evolving threat.