Managing Crisis Communications in the Cloud Era

Data breaches are inevitable, but planning for a breach can minimize the damage to consumer trust.

Data breaches are on the rise and can prove incredibly costly to a business. A study by IBM and the Ponemon Institute, which focuses on data privacy, found that a data breach costs a U.S. company an average of $8.2 million (and costs companies worldwide about half that amount). The biggest factor is lost customer trust.

While businesses are moving their IT operations to the cloud at a faster pace than ever, the cloud is still subject to security concerns. Working in crisis communications, I’ve seen numerous high-profile corporations through breaches and attacks by hackers and internal bad actors. Looking to contain reputational damage, they may try to limit what people find out, quickly place blame on the cloud service provider, or both.

A data breach is the one type of crisis that carries the highest possible expectation of transparency from stakeholders, so such mistakes end up costing companies dearly. Concealing information from those potentially affected can be lethal to a company. (Adam Levin, a digital security expert and author of the book Swiped, has said doing so “can result in a near extinction-level event” for an organization.) While transparency has long been the best way to handle breaches, the need for it is more vital than ever in the cloud era.

These days, companies see data as their leading driver of future growth. Data has even been called the world’s most valuable resource. Stakeholders are aware of this. They know that there’s a huge black market for stolen private information, and they expect businesses to let them know what information may be out there.

Powerful examples of what not to do abound. A prominent one is Yahoo, which had the largest data breach in history — and faced criticism not just for the breach, but also for its handling of the situation. As Fast Company put it, “Yahoo took three years to tell the public about it.” Not only did the company’s bungling of that case decrease its sale price, but the breach still pops up in news stories, extending the lasting damage to the company’s image.

Trust In Data Security Is the New Price of Admission

Customers are rightfully wary of what businesses do with their data and how they protect it. That’s why, to win customers over, businesses need to engage in a constant effort to build trust. Without it, you can’t enter a marketplace — and you could easily lose market share.

When a business fails to come clean with the public about a cloud data breach, customers get a clear sense that the business doesn’t trust them with that information. And, in return, they certainly won’t trust the company.

But on the flip side, trust can be restored when businesses admit their mistakes, take ownership of the situation, apologize, and share the specific steps they’re taking to limit and rectify the damage, such as paying for credit monitoring. That’s in addition, of course, to new strategies to ensure that such breaches don’t happen again.

Preparing a Communications Plan

It’s not enough to simply react after a breach occurs. Businesses need comprehensive plans in place to respond to a cloud breach, specifying how they’ll handle informing all stakeholders, including customers, investors, and the public. And the managers tasked with overseeing the plan should be absolutely clear on their respective areas of responsibility.

They should then carry out drills to practice those emergency plans, prepare mock news releases and announcements, and train CEOs and other senior executives to handle questions from investors and the media.

No company can tackle this problem simply by throwing money at it. All the advertising and marketing campaigns in the world won’t rectify the damage of a data breach if a company conceals information. To manage such a crisis, a company must act with humility and transparency to give the business its best shot of winning back trust and resuming normal operations.