In public relations, part of the job is risk management and guarding against outside factors that could harm an organization. This encompasses countless factors, including anything from a bad batch of products, a customer complaining, or the worst-case scenario — a data security breach. While the first two are no easier to manage, breaches can be particularly catastrophic.

In fact, a survey by Ping Identity found that a single data breach can cause 78% of your consumers to disengage with your brand, while 49% would not sign up or acquire a product or service of a company that recently reported a data breach. With researchers from the Cyentia Institute predicting that breaches could cost up to $179 billion in the next 3 years, how can PR handle the likelihood of such a disaster? These five tips help shed some light on the subject.

Be prepared

Now that we’re in the digital age, anticipating and planning for breaches is now imperative to conducting business. In fact, Maryville University notes that cybersecurity is one of the fastest growing industries as businesses and governments alike are scrambling to secure their data. However, regardless of how skilled a security team is, a breach is a consistent possibility, and being prepared for such a hit requires vigilance and a swift communication strategy.

Work closely with your cybersecurity team to get a stream of updates, and develop protocols to inform and respond to the public when a breach hits. Shirley Powell, senior vice president of communications and industry relations at Cox Automotive, also recommends having a small crisis team prepared with assigned roles and a single spokesperson to maintain consistency. As your cybersecurity team have their own defensive and offensive measures for attacks, so must you as a PR professional.

Lay out the facts

When a breach hits, the best thing to do is to lay out all the facts before communicating more details to the public. After sending out an initial notice detailing that a breach has occurred and that you are currently investigating, have a “What do we know?” session that includes top-level executives from relevant departments such as IT, legal, cybersecurity, and of course, PR. Answer the five W’s and H questions. Discuss what happened, why it happened, when it occurred, who was and will be affected, and how many people are impacted. Finally, discuss how the breach can be fixed and the steps to take to avoid it. Only after the facts and potential solutions are all laid out can you come up with the best strategy on how to fully inform those impacted.

Communicate and apologize

After you’ve come up with an effective strategy, it’s time to communicate with your audience. Give them a sincere apology as soon as possible — PR Week explains that a quick, honest, and sincere apology is the best apology. This doesn’t mean that you’re taking liability for what happened, but rather that you are showing empathy and concern for those affected. Advise them on the steps they can take to protect themselves, and tell them how you’re working on solutions to address the threat.

Give timely updates and have open lines of communication

As more information comes to light regarding the data breach and the crisis team begins to tackle new measures to avoid it again, make sure to keep your audience in the loop as well. Being transparent about what’s going on, even if you end up discovering more bad news, is vital to establish a foundation of trust again if you hope to conduct more business in the future. Remember that it would be better for information like this to come from you than any other source.

Moreover, set up a communication line for those interested in knowing about the breach. Have a department handling inquiries 24/7 for a short period of time, and provide a script responding to common questions to ease communication flow.

Monitor media

Lastly, it’s important to track how your audience is taking the news over the span of the data breach, as monitoring and managing social media is a long-term process a brand needs to emerge from any crisis resilient. Take to monitoring media outlets and social media to see if misinformation is spreading or if there are other details you need to address, and be sure to respond accordingly.

At the end of the day, companies who have gone through a data breach should be prepared, remain transparent, communicative, and clear on the steps they are taking to solve the problem. While managing any crisis is a war on many fronts, it can be won with an effective PR strategy and an unwavering determination to win back consumer trust.

Written exclusively for

After years contributing to tech magazines, Michelle Broderick is enjoying covering more specific topics like data breaches and cyber security for a host of online publications. While she likes to fly under the radar as much as possible, she also loves learning new things about the industry. 

Heidy Modarelli handles Growth & Marketing for IPR. She has previously written for Entrepreneur, TechCrunch, The Next Web, and VentureBeat.
Follow on Twitter

Leave a Reply