Cybrary’s Joseph Perry shares the importance of corporate responsibility and how to navigate the operational and reputational challenges in response to a breach.
The rise of data breaches is well-documented, with thousands taking place every year and at least two or three annually for most organizations. In other words, it’s a question of when – not if – your organization will be affected.
With the element of surprise long gone, so too are any excuses for not having a strategy in place for managing these breaches. And in light of the fact that privacy and cybersecurity are now high-profile concerns in the public eye, it’s increasingly clear that any successful strategy will be built on a solid foundation of corporate responsibility.
Let’s take a closer look at why enhancing corporate responsibility is such an important – and often neglected – component of surviving a breach with your reputation intact. Then I’ll share four practical tips to help move the needle in that direction for your own company.
A Breach Can Compromise More Than Just Data
Whenever a breach happens, the most valuable asset you’re losing isn’t the data. It’s the trust among customers and partners that can be gone in an instant and take years to earn back.
Executives who stonewall or try to cover up problems only make the crisis worse, allowing shaken trust over an incident to metastasize into broader, long-term reputation damage.
Even well-meaning attempts at forensics and fixing the problem suffer without status reports and other communications to keep stakeholders informed and reassured. This is just one of many ways your recovery efforts can fall flat if you don’t remember your larger corporate responsibility to your customers, partners and the general public.
Corporate responsibility — including accountability, honesty, proactivity and transparency — makes your organization more resilient and accelerates the process of rebuilding organizational trust and credibility. These principles are the strategic underpinning for a whole range of individual decisions you must quickly make during an unfolding crisis, enabling you to navigate the operational and reputational challenges in tandem for the most coordinated, strategic and effective response to a breach.
Taking the Right Steps to Strengthen Corporate Responsibility
Principles are great, but they need to translate into actual processes and policies to be of any use. With that in mind, here are four key priorities to embrace:
- Be proactive — As I mentioned above, breaches are far too common for an organization to plead surprise or ignorance. That’s why proactively monitoring systems and responding to potential incidents is a key responsibility in order to increase not just your visibility into threats, but your corporate accountability to regulators and the public.
- Share updates early and often — Executives need to understand that it’s possible to share interim updates with affected stakeholders, even if events are still unfolding or information is shifting. Some information is better than no information at all — especially in a hyper-social modern digital age where anyone else can fill the information void with rumor or criticism.
- Treat customers as partners, not simply recipients of information — A sense of agency – the feeling that there’s something you can do about a situation and not just endure it – is critically important to a person’s psychological well-being (customers included). During a breach, that means giving your stakeholders meaningful steps to participate in the solution, like patches they can install or help lines and chat windows to report and troubleshoot damage.
- Optimize language and communications channels — Jargon can alienate customers, and people also recoil when they feel they’re being talked down to like children. So calibrate your communications to customers by finding a middle ground between jargon and overly simplistic language. Also, make sure you give them multiple options to share information so they know you respect their platforms of choice (phone, chat, email, social platforms, etc.) rather than forcing them to adapt to yours.
Ultimately, the way we handle a breach speaks directly to our character in one of the most highly scrutinized, high-profile moments of your company’s history. Corporate responsibility is the ethical and procedural roadmap that can help, guiding your decisions and creating opportunity out of what could otherwise be catastrophe.
Joseph Perry is a cybersecurity researcher, software engineer and teacher with experience across the DoD and private sectors. Joseph is currently the Director of Research at 
