Discovering you’ve been hit by a data security breach is painful enough - but realising that customers are hearing about it first from the media just piles on the agony. However, effective PR can make a difference.
Sensational headlines about data breaches make uncomfortable reading. But it’s particularly shocking for a brand’s customers. Often, they’re learning in a brutal fashion that their personal data has been compromised by criminals.
Companies can have meticulous incident response plans in place. But if they cannot communicate effectively - and fast enough - they’ll be leaving journalists, editors and bloggers to tell the story their way. Most likely, the media will use attention-grabbing, clickable headlines rather than reassuring messages.
The worse the breach, the bigger the story. More accounts and more data equals greater coverage. And if there are fines, these will be mentioned, as will any failures to help customers or other mistakes along the way.
It’s a nightmare scenario that sends shivers through boardrooms everywhere.
However, well-handled PR can help to avert disaster and actually inspire customer confidence. In fact, a well-planned PR strategy should be an integral aspect of business continuity. That way, you’ll have a well-rehearsed plan of action in place to mitigate the impact of a breach and minimise any reputational damage.
A good PR agency can help, especially if they get to know your business.
Should a data breach happen, they can focus on your external communications, while you report the incident, implement your response and liaise with the Information Commissioner’s Office (ICO).
This will help your customers and your company’s reputation.
A report by Deloitte found that 33% of customers felt more trusting when they were alerted by a company directly to inform them that a breach had taken place.
If direct communication is possible, it should be a priority.
At the same time, the organisation’s reputation will be under scrutiny by the wider public, including clients and customers. So, when a journalist calls you will need to have a PR plan ready.
Holding statements can be prepared in advance for a range of eventualities.
Nominated spokespeople can be media trained and fully briefed on what is expected of them.
Any statements can include clear explanations:
- How customers are being helped
- How they can access help, and
- What steps have been taken to mitigate any potential damage
With professional PR guidance, you can also avoid obvious mistakes.
For example, check any pre-scheduled social media posts that continue to roll out in spite of the breach - so they don’t sound arrogant, unfortunate or insensitive.
But make no assumptions. Although you can anticipate a crisis, your plan needs to be battle-tested to see where any potential weaknesses exist. This can be simulated by experienced professionals as part of a full information security exercise.
Without naming names, clear examples exist of good and bad crisis communications. When a breach is mishandled, the story can snowball - and keep going.
The key to successful PR around a data breach is about not being taken by surprise.
If you anticipate a crisis rather than simply reacting to one, you’ll have time to formulate your most considered and measured messaging