Best practices for reducing the cost of a data breach

Having a strong IT security posture, CISO and incident response plan are key


Communicate to customers – Companies should put customers at the center of decision making following a data breach. In practice that means quick and clear communication about what happened and some form of remedy: call centers where consumers can voice their concerns, and credit monitoring when financial, health or other highly sensitive information is lost. A Carnegie Mellon study, “Empirical Analysis of Data Breach Litigation,” found that providing credit monitoring to victims after a data breach makes a company’s risk of being sued six times lower than if it does nothing, even in cases where a victim has suffered financial harm as a result of the breach. Customers who feel they were treated well are also less likely to take their business elsewhere.

Consider cyber insurance – As the cost and volume of data breaches grow, business leaders are increasingly treating cyber security as a broader business risk rather than a purely technical issue. Cyber insurance coverage can include forensic investigation, outside consultants and business interruption coverage, which reimburses a company for expenses and lost revenue when a data breach incident prevents it from operating. Buying a policy also tends to make a company better prepared overall: according to a Ponemon Institute study, “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age,” 62 percent of respondents said the insurance had made their company better prepared to deal with security threats.

About the Author

Michael Bruemmer, CHC, CIPP/US, is vice president with the Experian Data Breach Resolution group. With more than 25 years in the industry, Bruemmer brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space, where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services. Bruemmer currently serves on the Ponemon Responsible Information Management (RIM) Board, the International Security Management Group (ISMG) Editorial Advisory Board and the International Association of Privacy Professionals (IAPP) Certification Advisory Board.