
The Three Rs of a Data Breach: Respond, Reassure & Recover

The ability to act quickly after a data breach is essential, but only achievable if you have a plan in place

Current research from Experian and ComRes shows that one in five businesses of all sizes has experienced a data breach in the past two years (21%).

As business and data security incidents rise, so does the risk of financial and reputational damage related to an incident. There is no doubt that businesses depend on strong readiness plans. Plans need to be tailored to the array of business stakeholders and the diverse scenarios that can present themselves.

A prepared business understands the essential primary considerations, such as where high-value assets are held within the organisational structure, and identifies the necessary safeguarding measures. Additionally, an understanding of the potential financial risk, coupled with the pre-prepared plan, ensures the business can act quickly and strategically before and following the incident to regain security and protect the brand.

Clean data vs aged data when you need it

In the event of a breach, the importance of clean and up-to-date customer data cannot be overstated. Experian’s new statistics show that only 47 per cent of businesses of any size say they have clean customer and/or employee data; the majority, 90 per cent, review it just once a year.

This will cause unintended consequences. The problem with uncleansed customer data is that it can severely hamper an organisation’s ability to act efficiently in the event of a breach. Finding out new customer details during a crisis is time-consuming, damaging to reputations – and potentially impossible. The right time to be seeking up-to-date customer details is before an emergency strikes, not right after.

What customers expect from businesses

Beyond speed of response to a data breach, it’s also important for organisations to bear in mind how quickly customers expect to be notified. Our research shows that more than half (52%) of people expect to be contacted and notified less than twelve hours after a breach. Only 20 per cent of businesses, however, would expect to contact their customers within that timeframe. Clearly there’s a large mismatch, and one that may be difficult for companies to bridge. This is where data cleanliness, data hygiene, and robust and well-defined data processes come into play, as they can support the very best response and earn the goodwill of customers affected by the event.

With a thoroughly well-defined and practised data breach response plan in place, none of this would be a major worry. There would be a team or third-party partner in place to deal with notifying customers in an incident, and all within the legal timeframe. The plan may also provide for a customer call centre that has the capacity to upscale to deal with the response, with legally pre-approved frequently asked questions to hand. Getting ahead of a problem is the best way to solve it, after all.

Having a pre-arranged response plan in place is therefore critical when racing against the clock following a breach. It allows a business to act quickly and prevent further data loss. It means you can respond, reassure and recover. And during a crisis, that’s a strong position to be in.

Author: Jim Steven, Head of Data Breach Response, Experian
