
Crisis alert: How to respond to a data breach

by George Dearing
 
The number of data breaches and cyber attacks is increasing. Javelin Strategy & Research1 says fraud losses from existing bank accounts and credit card accounts were up 45 percent last year to $16 billion. Welcome to the new world of work — with new and advanced threats.

The good news is that companies are realizing that how they react to a breach can be just as important as the technology infrastructure they use to defend themselves against attackers.

“Customers will always judge a business by the swift action it takes, rather than what got you into trouble in the first place,” said Jason Maloni, SVP at communications firm Levick, as quoted in the Wall Street Journal.2

So if you’ve been breached, and don’t know how much of your customers’ personal information has been stolen, what do you do? Let’s break it down into steps. 
 

1. Establish a data breach response team

Even though the technical pieces are typically handled by IT security, your overall response to a data breach requires a team of people from several departments. Depending on the size and complexity of the breach, it should at least include the manager of the program experiencing the breach, the CIO, the chief privacy officer, general counsel, someone from your crisis communications team, and an executive from finance or procurement.
 


 

2. Prep your employees on roles and responsibilities 

It’s important to make sure employees are well versed when it comes to your data breach response plan. As your plan is tested and refined, make it a point to spell out everyone’s roles and responsibilities. And make sure everyone assigned with a role knows how information flows (or needs to flow) between departments during a crisis, and how decisions are made within the organization. Timeliness is critical when responding to a data breach, and not being able to find the right people for an important decision can be costly. 
 

3. Assess the extent of the breach and its impact

The assessment step is where you gauge the extent of the risk and how stakeholders might be harmed. Once that is determined, the business can decide whether customers should be notified. Since your response is often highly visible, even public, make sure company officials are thoroughly briefed on how to articulate the breadth of the situation. The more details you can provide to the media or customers, the better off you’ll be if the situation escalates. If you’re found to be hiding important information from your customers, the PR hit could be devastating for your organization. Be open and upfront.
 

4. Have a clear process for reporting data breaches and know which agencies to notify 

If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach. As mentioned in step 2, knowing where to go for information during a breach is critical. A well-crafted response plan lays out which resources are best suited to respond to a particular request for information or action. Once the internal process is working smoothly, response times to external organizations and agencies will improve as well.

 

5. Analyze responses and identify lessons learned 

Businesses should always review and measure their responses to a data breach, even the most basic actions that were taken. By identifying the lessons learned, companies can build that expertise into their compliance and governance models that deal with security and privacy. And keep testing and refining your response plan — you don’t want a major incident to be the plan’s first test.

For more information, check out this McKinsey piece3 on incident-response strategies. 
 
George Dearing has more than 15 years of experience helping organizations understand how information, technology, and the internet impact business. As founder of the Dearing Group, he advises clients on strategy, business development and communications. After working for one of the first internet consulting firms (USWeb) in North America, he’s run marketing groups at software companies, directed strategic alliances at professional services firms, and helped early-stage companies deliver software-based business solutions. 
 
 
1 Robin Sidel. "Fraudulent Transactions Surface in Wake of Home Depot Breach." Wall Street Journal. September 23, 2014. https://www.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081
2 Steven Norton. "P.F. Chang’s Confirms Data Breach; Now Comes the Hard Part." Wall Street Journal. June 13, 2014. http://blogs.wsj.com/cio/2014/06/13/p-f-changs-confirms-data-breach-now-comes-the-hard-part/
3 Tucker Bailey, Josh Brandley, and James Kaplan. "How good is your cyberincident-response plan?" McKinsey & Company, December 2013. http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/how-good-is-your-cyberincident-response-plan