How to tell your customers about a cyber attack


Cyber attacks and data breaches are an increasingly common occurrence, and organisations and individuals, from the smallest micro businesses right up to governments and mega-corporations, have been targeted by cybercriminals.

Cyber attacks are one of the biggest security threats that companies face, but one that many aren't prepared for.

Effective data breach management is essential to moving forward and minimising damage, and the first step should always be to tell your customers – especially in situations where client data is stolen and in the hands of the criminals.

Press releases alone often fail to communicate the situation fully or to reassure stakeholders that steps are being taken to re-establish security. Even worse than releasing too little information would be to say nothing at all.

This is the mistake LinkedIn made in 2012 when a hacker infiltrated their system and tried to sell 6.5 million of their user passwords. Instead of coming clean straight away, the company stayed silent and consequently landed in a media firestorm – something they're still recovering from 5 years later. Which leads us to our first point:

Inform customers immediately

Speed is of the essence here. As soon as you know a breach has occurred, inform all customers whose data has been compromised (even if you don't yet have all the information).

The most important thing is that your customers hear it from you. It may be a bitter pill to swallow, but it is absolutely necessary if you want to maintain your customers’ confidence and avoid panic in the aftermath.

If someone else exposes the breach before you're even aware of it (which can happen), be sure to react quickly and decisively, and then continue to keep your customers in the loop.

While every situation is unique, your company's initial communication to customers should cover three main points:

  • A short overview of the incident

  • What customers need to do to protect themselves

  • The changes you'll make in the future to stop such a thing happening again

Be honest

As tempting as it may be to sugarcoat the truth, visibly and unabashedly owning up to the error is the most reassuring response to customers in the chaotic aftermath of an attack.

A certain degree of backlash and criticism will be inevitable, so don't try to hide from it. Don't sacrifice the company's integrity to salvage some pride – be forthcoming and totally transparent.

There is no system in the world that is 100% secure, and even companies that are well-prepared for such attacks are not impervious to mistakes.

What's important to the customer at this point is not whose fault it was, but that their data is being safeguarded, so focus instead on giving reassurance and searching for fast solutions.

Prepare for inquiries

A big part of reassuring your customers is being on hand, ready to answer any questions they may have... and they will!

Provide a phone number in your message so they have the option of speaking to a real person if they need assistance, and set up a frequently updated FAQ page.

Make sure your workforce is fully up to date on the situation to avoid any possible contradictions or inaccurate information being spread. Also highlight to your team the importance of empathy and patience in these situations to stop frustrations from boiling over.

Be sure to stay active on social media, too. This is where many concerns are raised and where false information can spread like wildfire, so join the conversation. Google Alerts are a particularly cost-effective way to track what people are saying about you online.

And lastly…

Gain experience and be prepared for next time

What doesn't kill you makes you stronger, and companies that survive a data breach ought to have an advantage over those who have never been targeted.

After the worst is over, evaluate your procedures, your customer responses and your system weaknesses, and use this information to build a new disaster recovery strategy into your business continuity plan.

Preparation is the key ingredient to weathering cyber attacks and coming out stronger than before. And remember, your first priority should always be your customers.
