Crisis Management: How organisations can prepare better when the next data breach strikes
By Lena Soh-Ng on August 01 , 2019
- Crisis Management: How organisations can prepare better when the next data breach strikes
- Huntington Communications – Part of PROI Worldwide Closing in on US$1 Billion in Revenue
- ASEAN PR Trends: Regional Insights for Local Impact
- When your reputation takes a hit
- Evolve or go Extinct: Four Trends Bringing PR into the Future
- August 2019
- June 2019
- March 2019
- January 2019
- December 2018
- November 2018
- September 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- January 2018
- December 2017
- August 2017
- May 2017
- March 2017
- February 2017
- January 2017
- December 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
Just this week, international beauty retailer Sephora admitted to a breach of its online users’ data, affecting customers in Singapore as well as in other countries including Malaysia, Indonesia, Thailand, Philippines, New Zealand and Australia. News quickly went viral, gathering significant attention and sharing amongst various media outlets and online netizens.
Sephora’s data breach has made headlines on major news outlets, and garnered attention on social media
Such incidents, while not the first of its kind, will also likely not be the last we will see in the near future.
As TechTarget said, “Assumption of breach is the new norm.” Fortified online security walls are growing weaker by the second, as online predators are developing new coding formulas. While crises often happen unannounced, the increasing unpredictability of the digital world calls for planned crisis management strategies to be put in place.
Here are some hard facts:
Brands and organisations who suffer data breaches risk losing their customers’ trust
According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.
Data breaches can also cause significant financial impact
In 2018 alone, according to IBM Security findings, the average cost of a data attack in Southeast Asia can stand at $2.53 million.
Effective reputation management extends beyond just reacting to a mishap as it happens – it is developed from the start. Whether big or small, modern or traditional, it remains integral that organisations are built on stable crisis management structures.
Here are important considerations in crisis management:
Prepare for regular crisis audits to stress test systems
Crisis auditing is essential in any crisis management strategy. Take for instance, one of the biggest data breach incidents that shook the world – the Facebook crisis that affected 87 million users. When CEO Mark Zuckerberg issued his response only five days after the incident blew up online, Facebook’s shares had already fallen by 17%.
Carefully crafted and comprehensive response plans are essential. This involves planning for the worst possible worst-case scenarios, determining which stakeholders would be affected and how. Systems that have to be in place and can be activated immediately are important. Dry runs are also useful in preparing teams to be crisis-ready.
Real time updates – an integral building block of trust.
Generally, customers like to be in the know – more often than not, it is not a formal apology they seek, but the company’s transparency and genuine desire to rectify the issue. For example, in 2017, Gitlab (a software development company) accidentally removed clients’ data from the primary database server. This led to 18h of downtime, affecting clients such as IBM, Sony, NASA, and Alibaba. The company swiftly gave updates on their social media explaining what had happened and how they planned to fix it. They also set up a social audience engagement strategy – constantly updating their audience via Google Doc, a hashtag #HugOps and even live-streamed the problem-solving process.
Owning the mistake and ensuring clear communication is key to building trust.
Response time is key
Target’s 2014 incident is an example of an effective crisis management strategy. They transformed their Facebook and Twitter pages into direct lines of communication with customers, updating customers on its investigation progress, call centre response time, and offering monitoring services. The CEO’s message was also published on the company website with the necessary social sharing functions. Their thorough crisis engagement with customers proved their commitment to defending customers’ privacy and wellbeing.
While data breaches are sensitive and can generate widespread unhappiness, companies who take to the discussion pages can intercept sources of inaccurate information and extend their genuine remorse for the incident. Organisations should also reply the negative comments.
Build relationships with external stakeholders
As the African proverb goes – “If you want to go fast, go alone. If you want to go far, go together”
This is often overlooked. In the case of a data breach, there are companies in this space that can provide perspectives such as types of threats at the time, processes that companies have undertaken and put things in perspective for the media. Companies do not have to tackle the issue all by themselves. Apart from data forensic companies, external stakeholders can also include industry associations and consumer watchdog groups.
Take for example, SingHealth’s massive data breach in 2018 that affected over 11 sectors including government, banking, healthcare and more. Apart from the Government’s statement, the Cyber Security Agency (CSA) also disclosed thoughts in a review of the public sector’s cyber-security policies together with the Smart Nation and Digital Government Group (SNDGG). The provision of multiple external opinions served to add greater assurance to the audience.
The Crisis Recovery phase is often overlooked
In many organisations, the post crisis recovery phase is the least planned for. When Huntington Communications managed a food scandal for a global furniture retailer, the post crisis phase of offering meatballs at $0.10 each caused long queues, strong editorial approval and resulted in a Singapore Book of Records title for the most number of meatballs sold in a day. It was a runaway success, which would not have been possible without proper planning.
While crises often cannot be predicted, companies can be prepared. After all, the reputation of a company is made up of the sum total of all its stakeholders’ perceptions.
@PROIWorldwideOctober 04 , 2019
RT @ClareParsons_: Great sharing , packed breakout sessions at our @PROIWorldwide EMEA agency meeting. Here for ‘Building trust workshop ,#…
@PROIWorldwideOctober 04 , 2019
RT @ReakesSarah: @KISStalk on tour @PROIWorldwide EMEA meeting in #prague - 3 days with our agency partners sharing communications insight…
@PROIWorldwideOctober 01 , 2019
#PROI USA agency @360prplus announces Victoria Renwick, Mike Rush Named 360PR+ Partners! https://t.co/VWPNXWUw5j
@PROIWorldwideOctober 01 , 2019
#PROIEMEA partners start the journey to Prague! #PROIRegionalSummit led by @Ronyazab @4PRGroup @KaijaCoco @Cocomms… https://t.co/BEMYE85Fjy
@PROIWorldwideSeptember 27 , 2019
RT @GlobalPRMan: SO PROUD: of @PROIWorldwide in Africa as Agency leaders met at our first Pan-African Summit in Capetown, South Africa, hos…