Data breaches are stressful, time-consuming to resolve and potentially costly for individuals and businesses alike – with the risk of long-term reputational and financial damage. Four in ten UK businesses (39%) reported having cyber security breaches or attacks in the last 12 months alone, and this is much higher among medium-sized businesses (65%) and large businesses (64%).
Preparing a thorough response to any potential data breach is the best chance you have to protect your consumers, safeguard your reputation and minimise disruption to your business. The longer it takes to respond to any data theft, the greater the risk of damaging your brand, endangering your customers and harming your future prospects. Preparedness is everything; everyone in your business needs to understand the risks and be ready to support your response.
Experian has compiled a comprehensive guide to help businesses develop robust data breach response plans. You can download the full guide here, but in this blog I’d like to outline the five key actions that will enable your business to respond with confidence to any data breach.
1. Be prepared
Being prepared means ensuring you have the resources to respond quickly and to notify all relevant parties if a breach is discovered. Such a fast response is only possible with extensive forward planning and understanding of your consumer data. Our 2019 Data Breach Consumer Survey Report found that, following a data breach, 90% of consumers would be more forgiving of companies that had a response plan in place. Nearly 70% said they would stop doing business with a company that had a poor response.
Financial services firms have long been the prime target of cybercriminals, but today companies of any size, in any sector, are vulnerable – especially with the rise of e-commerce and online transactions. No business can afford to be complacent.
2. Create your plan
Consider the type of data your business processes, and identify where potential attacks may occur. Your plan needs to set out how you will investigate and remediate any data infringement, how you will notify consumers and provide the information they need quickly, how you will notify relevant authorities and communicate with the wider public. You need to prepare all communications in advance, so you can deploy them quickly when necessary. Think about the resources you will need to contact potentially thousands of customers within hours or days of a breach.
3. Build your response team
It’s vital to assemble your data breach response team well in advance. This team should include:
- Incident lead – determines when a full response should be activated, coordinates the overall response, acts as intermediary between team members.
- Customer Care – assists in developing and delivering phone scripts and notifications, logs call volumes, provides dedicated call centre and email response.
- C-Suite – engages in planning and implementation, maintains communications with directors, stakeholders and investors.
- IT – identifies security risks, trains personnel in data breach response, works with partners to identify compromised data and eliminate hacker tools.
- PR/Communications – determines notification and crisis-management tactics, develops customer communications, tracks media coverage and responds appropriately.
- HR – develops internal communications and handles employee queries.
You need to identify relevant external partners too, which could include legal, forensics, crisis-communications and data breach response specialists, as well as key influencers, regulators and insurers.
4. Practice and refine
Once you have established your response team and partners, you should conduct department-specific training and practise implementing your plan. Everyone needs to understand their responsibilities, both in preparing and responding to a breach. Only by practising repeatedly can you identify potential weaknesses and gaps in your resources. We recommend conducting simulation drills every six months, involving the entire data breach response team and external partners, covering multiple possible scenarios. Finish with a debrief to discuss the lessons learned and implement improvements where necessary.
5. The first 24 hours
Acting decisively within 24-hours of a data breach is key to regaining your security, preserving vital evidence and protecting your customers. As soon as a breach is identified, you must initiate your plan and mobilise your team. It’s essential you collect and record all the information you can about the data breach, including all communications with regulatory bodies and legal professionals.
Put customers first
Remember, customers are at the heart of everything you do in response to a data breach. Your plan needs to ensure you are ready to notify them quickly and sensitively about any incident. You must be ready to tell them what’s happened and what actions you are taking. That will be crucial in minimising distress, providing reassurance and protecting your reputation. Make sure you have up-to-date contact information for all customers, and are ready to upscale your call centre support fast so customers always have an expert to talk to.
How well prepared and resourced is your business to respond to a data breach?Review our checklist to find out
For comprehensive guidance on creating your own plan, download our full Data Breach Response Planning Guide. As the data specialists, Experian works with organisations of all sizes every day to implement pre- and post-breach response plans, including customer notifications and call centre resourcing – ensuring our clients can act decisively, protect their customers, and recover rapidly from any cyber-attack.
 Cyber Security Breaches Survey, The Department for Digital, Culture, Media and Sport (DCMS), March 2021