The Public Relations Side of a Data Breach
Posted: November 5, 2014, 7:50 p.m.
by Katie Lansford.
Target. Home Depot. Jimmy Johns.
What do these three companies have in common? They have all been victim to data breaches that, in turn, resulted in stolen customer financial information and assets — and, in Target’s case, a tough blow to stock performance and customer trust.
Public relations professionals strive to foster mutually beneficial relationships between companies and their publics, creating a climate of trust that can be quickly undermined by a data breach.
Shawn Tuma, creator of CyberGard, a proprietary business cyber risk protection program, argues the need for communication in the midst of a data breach.
“The crisis communication element is crucial in that it ensures the future viability of the business by minimizing the overall damage that can be caused by poor or inconsistent messaging,” Tuma said.
According to Verizon’s 2014 Data Breach Investigations Report, in 2013 there were a total of 1,367 “security incidents with confirmed data loss.” One hundred and forty four of those data breaches came from organizations with 1,000 or more employees.
As technology advances, data breaches will continue to occur, along with the need to repair customer relationships. A new era in crisis communications could result, as specialized knowledge and skills will be needed to address customer concerns.
Data breach response
James Simon, a member of the criminal justice department at The University of Alabama, said that the best approach in dealing with data breaches is to “combine data protection programs with human intellect.”
It is essential that this human intellect component include public relations professionals. Consumers have a need and right to know what is going on when personal information is compromised. Also, those dealing with the crisis should have an accurate understanding of what is going on.
“It is important that the public relations/communication professionals already be part of the breach response team and have an understanding of the nature of the business and its overall philosophy,” Tuma said.
According to Simon, in the event that a company does experience a data breach, it is best for the company itself to announce the problem. This proactive approach shows that the company is taking the event seriously and accepting responsibility.
“If you are a publicly traded company, anything that affects shareholder value negatively can be a subject of a lawsuit,” Simon said.
Publix recently did something that may become the new norm in crisis communication. For the first time in the company’s history, it sought public relations help in the event a data breach does occur.
While it is good for the communication industry that companies are seeking public relations help in addressing such problems, to keep consumer relations positive, it is important that brands support PR efforts and show that they are taking preventive security measures to ensure customers are protected. A public relations response must be supported by action for it to be effective.
In assessing the Target and Home Depot data breaches, Tuma pointed out that each data breach possesses its own set of challenges.
“Each breach event is unique and will require a different strategy based on the unique characteristics of the business breached, the nature of the breach, the subject information and the data subjects whose information was breached,” Tuma said.
Future issues
Looking ahead, the public relations industry should prepare for crisis communication on all things cyber-related. It is possible that problems businesses face in the cyber world translate beyond external issues, such as data breaches, and turn into internal public relations issues, such as industrial espionage.
The FBI classifies industrial espionage as the theft of trade secrets. Industrial espionage occurs when competitors attempt to steal other companies’ valuable information for their own benefit. A single occurrence of this can destroy a business. For example, a popular restaurant in northern Virginia shut down after its Google Maps listing was hacked.
“Industrial espionage is quickly becoming the number one cyber event,” Simon said.
As technology advances and trends in crisis communication change, the conversation continues to shift toward the world of data protection and cyber safety. Public relations professionals should be prepared.
