Crisis PR best practices to action after a data breach

08/03/2024 16:31:20
Share     

"Help! Our business has been hacked and customer data is at risk. How do we tell them?"


Data has become a prized possession and with this comes a year-on-year increase in cybercrime. A cyber-attack and data breach can be devastating for any business, the impact of which extends beyond financial losses, potentially eroding customer trust and damaging reputation.

Crafting an effective crisis PR plan in anticipation of such situations is critical to contain the damage and quickly rebuild confidence amongst stakeholders.

But how do you communicate a breach when your IT system is compromised? And what do you say? Here we’ll explore some crisis PR best practices for companies facing a data breach and how to communicate it to affected customers.

Anticipate the unexpected when planning crisis PR


As any scout would tell you, being prepared - in this case planning for the worst-case scenario – is essential. Though not a task you might relish, considering worst case scenarios can alleviate pressure during a crisis.

Your crisis PR plan will make you consider potential risks to the business, the key contacts within the business, their responsibilities and also include responses to hypothetical yet realistic crisis scenarios.  

You must also ensure that your crisis communication strategy complies with relevant data protection laws to avoid additional legal consequences.
Failing to plan is planning to fail
Data breach

Respond quickly to a data breach 


With any crisis, time is of the essence. Delays in notifying those affected can exacerbate the impact of the breach. Aim for immediate communication once the breach is identified and contained. Also consider how and when you will communicate with your employees.

Your crisis PR plan will include key contacts within the business who can provide accurate and real-time information in this specific scenario. 

Immediately identify who this breach has affected and contact them promptly. Also assess how widespread the news of the breach is – is it contained, or has it landed on social media? Has it been leaked to the media? 

Which channels to use when communicating the data breach


Choosing the right communication channels is critical in the aftermath of a data breach. While the specifics may vary based on the nature of the breach and the affected audience, utilising a combination of email and a hard copy letter is often the most effective approach and one of our crisis PR best practices.

Email:
Email allows you to communicate swiftly and can reach a targeted audience. Consider sending tailored messages to directly affected individuals and a separate one to other customers.

Letter:
Sending a physical letter adds credibility and seriousness to the communication. Some customers may prefer traditional mail, especially those who may not be as digitally engaged. 

Both:
Using both email and letters can provide comprehensive coverage, the content and tone of the message should remain consistent across all channels.

Media statement:
Prepare for media enquiries and have a spokesperson ready to address the press. A well-managed media response can help control the narrative and minimise reputational damage. 

You may wish to release a proactive statement if the news has spread to social media and traditional news. Be aware that while this is big news for you and for those affected, a proactive statement will draw attention to the issue amongst those who weren’t previously aware of the situation, or aware of your business.

Creating a reactive statement, only to be shared with those who request one, can be a more suitable option and help you maintain a lower profile.

Social media:
You can control the message via your own online channels. Consider adding a statement to your website and sharing it on your social platforms, should the news be widespread.

What your crisis PR response should say


Be open and transparent about the incident. Clearly state when the incident happened, what data has been compromised, potential risks, and steps taken to address the issue. You can also explain the measures to prevent recurrence.

One of the biggest mistakes we see in the aftermath of company crisis is the response coming across as out of touch, disingenuous and lacking the human touch. Instead, express genuine concern and empathy, showing that the company understands the gravity of the situation. Your solicitor may wish to review your response but be clear you need to hit the right tone and avoid being too formal. Hitting the right tone is another one of our crisis PR best practices to always keep in mind.

Use plain language to explain the breach and its implications, avoiding technical jargon. Provide clear instructions on the actions customers should take to protect themselves.
Data breach
Facing a data breach is undoubtedly a challenging experience for any business. But with a well-planned crisis PR and communication strategy, you can mitigate the damage and rebuild trust. Timely, transparent, and empathetic communication across appropriate channels is key, ensuring affected individuals are informed and empowered to take necessary precautions. 

By prioritising the interests of your customers and demonstrating your commitment to rectify the situation, you can navigate the storm of a data breach and potentially emerge stronger.

For more information about crisis communications and PR and to get started on your crisis PR plan take a look at our expert PR services right here.  
 
"The Partners Group has taken our brand to the next level and helped my business achieve at least 25% growth every year."
Ian Short
Morley Glass & Glazing
"The PR campaign is helping us attract the people we’re looking for to achieve our growth ambitions. It's also helping us make significant savings on recruitment fees."
Nick Houghton
JM Glendinning
"Partners helped get our message clear, and consider all of our audiences. Thanks to them, the PR was a great success. It was certainly money well spent."
Jonathan Marsden
The Technology Group
"The work Partners does for us has played a vital part in establishing our brand and reputation in the region, and continues to be fundamental in driving the growth of the business."
James Baird
Dynamic Networks Group
We’ve been impressed with the Partners Group’s strategic approach which has helped us to clarify our market positioning and future growth strategy.
Adam Gillard
Cutwel Ltd