Honesty Is the Best Policy…Even When You’re Being Hacked

When a data breach goes public, especially if the affected company kept it a secret from the people who use its services, the resulting outcry can have a negative impact on the victim’s reputation. Keeping threats and breaches quiet only causes customers to lose trust in the company’s ability to keep their PII safe. Think about it: Remember the 2016 data leak that exposed Uber’s database of names, addresses and driver’s licenses for riders and drivers alike? A cybersecurity breach costs more than the initial damage: Users may opt to switch services, your investors could pull out and recuperation or litigation fees can really pile up.

It’s understandable why companies like Uber didn’t want to announce to the public that they’d been hacked. Instead, they discreetly paid off the ransomware, and users of the app didn’t find out for a year that their information had been compromised. Waiting for the cat to let itself out of the bag prevents customers from taking their own security measures with their accounts as they see necessary. Ultimately, it does even more damage than facing the consequences upfront.

When it’s time to own up to a data breach or loss, businesses fare best when they’re open and honest with their customers about the event from start to finish. Here’s why.

The Risks of Keeping Quiet

No one likes to feel as though important information has been hidden from them, for any length of time. Customers are the same. When they’re kept abreast of a breach, what the company is doing to remove the intruder and recover data, and post-attack recovery efforts, customers can trust you to protect and inform them in the future. Instead of wondering all the time if they need to change their passwords, they’ll know for sure when it’s necessary. When you’re open about the steps being taken to combat the threat, they can also feel comforted knowing that your efforts to recover data and patch the vulnerabilities are effective, or take their own additional precautions.

Aside from the risk you run of pushing away customers with silence, there may also be legal repercussions at stake. For example, banks are experiencing cybersecurity reform that requires them to report breaches, data corruption and the like within 36 hours. As more people, industries and governments turn their attention toward better cybersecurity systems, it is likely that there will also be more legislation written to support cybersecurity for our critical infrastructures (like The Cybersecurity Act of 2021) or to invest in technology that will change the industry altogether.

“That Can’t Possibly Work!”

If you’re still feeling inclined to keep breaches a secret from your client base, consider that other organizations have already made that difficult announcement and you can see what these “guinea pigs” uncovered.

Corporations like Microsoft, Google and Apple – whom you expect to keep your most sensitive online data locked tight – have all disclosed breach incidents in the past few years. This only goes toward normalizing the high probability of cyberattacks given how advanced these threat tactics have become. As it turns out, customers prefer this route.

  • Knowing real-time information about the hack and its patches allows customers to make the best decisions about their own accounts
  • They can trust that you will disclose attempted hacks in the future, thereby feeling more secure in your hands around the clock
  • Disclosures about how you’re going about fixing the breach and preventing it from ever happening again give them more education and knowledge about cyber-threats and -security, helping to prevent future hacks on their devices
  • Even notifying users about vulnerabilities detected and patched before the software has been launched helps build brand loyalty

People appreciate straightforwardness, as long as the underlying effort is there. Being truthful about attempted or successful cyberattacks garners more support than vitriol for your brand.


You already have so much to think about when a breach is discovered in the company network. What to do, who to tell and what protocol to follow are all swimming around your mind. Instead of shying away from your loyal base, take the opportunity to lean on your support network through tough times, while simultaneously reassuring them about how you’re working to recover and protect their most sensitive data.

Cyber threats are a danger to your business as well as the customers who trust you. Encrypting and backing up data regularly, to a safe place of storage that’s easily accessible to you, can protect sensitive information from cybercriminal activity. When threats do happen, an open and honest policy will help to preserve your positive customer relationships.