Businesswoman preparing a data breach response plan
Oct 2022 | Fraud Prevention
By Posted by Jim Steven

Businesses face many competing priorities

That’s never been truer than today, when the working environment is changing faster than ever and businesses are adapting to a digitally led economy. But in such a dynamic environment, the risks to businesses are also increasing – whether that’s the risk of a cyber-attack, health emergency, natural disaster or product defects.

Obstacles to crisis and response planning

Risk management is a high priority in every boardroom, but recent independent research carried out for Experian found that only half of businesses have a crisis response plan in place. That leaves many at risk of disruption, financial loss and reputational damage if they were to be hit by a crisis.

There are many barriers to implementing a crisis response plan, which were identified by our research. The three most prominent obstacles were:

Complexity - 49%


Cost - 48%


Time - 39%


Here, I’d like to address each of these objections and demonstrate how planning for a crisis response now will ultimately result in significantly lower costs, less time spent resolving issues and fewer damaging impacts on customers in the event of a crisis.

Preparation cuts the complexity

We know from experience that businesses never think it’s going to be as difficult as it actually is to go through and then recover from a crisis. It’s only in the turmoil following an incident – such as a data breach – that most businesses begin to understand the layers of complexity involved in even something as simple as notifying customers. At that stage, when urgent communication is essential, it’s too late to discover that you don’t have up-to-date customer contact address details. In this video, I talk more about the complexities of notifying individuals:

Then there are the essential notifications to regulators to ensure you follow the correct legal procedures. In the case of an IT breach, how do you go about tracing and recovering the lost data? If a cyber-attack has disabled your IT systems, how will you function at all? In a ransomware attack, you may be locked out of your systems with the criminal threatening to release compromised data. How do you know who to inform, what to tell them, and how to respond? There’s so much complexity involved in planning and executing the response to a crisis. And different types of crisis require different levels of response.

The complexity involved is multiplied if you haven’t thought about all of these eventualities in advance. In comparison, developing a crisis response plan ahead of time is a much calmer experience.

With the right specialists to advise and guide you, the burden on your organisation can be lifted and the whole process greatly simplified. The crisis response team at Experian live and breathe consumer crisis planning every day – so we know how to develop the correct response for your organisation and the types of crises it might face. Feel free to connect with me on LinkedIn and I would be happy to advise you more.

Time is of the essence

The same applies to the time required to develop a response plan. Time wasted in any crisis response could exacerbate the financial, reputational and emotional damage to your business and its customers. A swift and targeted response is the key to minimising losses and maintaining trust among your customers as you strive to recover from the incident. The time and resources you dedicate to developing a robust plan up front will save untold time and resources in the heat of a crisis.

Planning costs over-estimated

One of the biggest concerns for business leaders is the cost of creating a crisis response plan. But, in reality, those costs can be minimal. At the simplest level, you can build a basic recovery plan using freely available resources, such as the Experian readiness hub. Or Experian can offer more tailored advice, support and services.

For a cost starting from c.£30k, our Guaranteed Reserved Response Service provides your business with the ability to reserve, in advance, all the resources you need to deliver all components of a customer-facing response. That includes a dedicated senior crisis response manager to oversee your response, and full contact centre and notification resources to meet the communication requirements of your customers.

That’s a small price to pay for the peace of mind that your business is poised to respond efficiently to resolve any crisis. By contrast, the costs of failing to respond effectively are potentially devastating. In our survey, we asked leaders for their estimate of the cost (as a percentage of turnover) of a failure to prepare for and respond well to a crisis. On average, respondents in businesses with a turnover of £1m- £9.99m thought it would cost 36% of turnover. That equates, on average, to a cost of £1.97m.

Download the full whitepaper

You can read a detailed summary of the findings in our whitepaper: Crisis Response: Assessing the readiness of UK organisations to manage the impacts of a consumer crisis.

Download whitepaper

The time to plan is now

The resources, time and cost you need to invest now to prepare well for a crisis will seem insignificant if your business is impacted by a crisis. And with 100% of businesses surveyed believing they are at risk of a crisis in the next 18 months, it’s an investment no business can afford to forgo.

Are your crisis response plans fit for purpose? To find out more about crisis response planning, please visit our Data Breach page and contact one of our specialists. To explore our research findings in more detail, please download our whitepaper: Crisis Response: Assessing the readiness of UK organisations to manage the impacts of a consumer crisis.