Geoffrey Stackhouse, Managing Director, Clarity Solutions
As risks go, a data breach is hardly sexy. In fact it's probably the most-overlooked risk facing business, and doesn't appear on most crisis plans I've seen.
But after today’s news that millions of Apple iPhone users are being hacked, probably following data breaches from eBay (145 million users) and US retailer Target, it has to be on your top five risks. With a bullet.
Here’s my problem. Data breach is dull. It’s seen as a tech issue to be fixed by the IT Geeks. But it’s not; it’s a serious reputation issue that could bring you down.
Just ask US Target CEO Gregg Steinhafel who fell on his sword after bungling communications following a hack attack that stole 40 million credit card details and the personal information of 70 million users, including their email, mobile, address and date of birth.
Steinhafel reportedly tried to downplay the incident to avoid worrying his customers in peak shopping season. But when they did find out they were furious and voted with their wallets.
Target's net income plunged 34.3 per cent in the year ended February 2014, and profit forecasts for 2015 have been significantly downgraded along with the share price.
Although Target was the innocent victim here, the way they communicated shows contempt for customers. And that’s what the market is punishing them for – a breach of trust.
What can you do to prevent a data breach? Probably nothing, in fact it’s inevitable according to research by the Ponemon Institute. The only thing you can do is prepare to communicate that breach.
Here are some useful questions to ask toget started.
1. How will I know if we have had a data breach?
2. What protocols are (or should be) in place to communicate with stakeholders?
3. How quickly do we alert and apologise to customers?
Worried your crisis spokespeople are a soft Target? Why not do a crisis workout simulation to keep everyone on their toes and make sure your crisis plan is working?
Contact us for more information.