It’s a Matter of When, Not If. Have a Plan.


Data breaches are becoming increasingly sophisticated, frequent and expensive.

According to a 2016 Ponemon Institute report, the average consolidated total cost of a breach is $4 million and costs for each lost or stolen record with sensitive and confidential information continue to rise as companies scramble to address reputational damage, loss of customers, regulatory  fines, and the growing likelihood of litigation.

GreatWork Strategic Communications helps C-Suite executives and their advisors assess and mitigate the reputational consequences of data breaches at all levels of exposure.


  • Breaches can cause significant harm to well-respected brands. Assume that a breach will occur and take steps to mitigate risk.
  • Before the phone rings, have a Data Breach Plan in place. Build a team using internal and external experts including: Information Technology, Legal Counsel, Marketing, Public Relations, Human Resources and Risk and Compliance. Each team member should know their specific roles and responsibilities. Practice drills to ensure the team works quickly and efficiently. Template materials for stakeholders can be adapted to fit the specifics of an incident when it occurs.
  • When a breach occurs, communicate the problem quickly and transparently. Your legal team will drive the strategy while experienced communications professionals will ensure messages are delivered with empathy and relevance—responding to what each stakeholder community really wants to know. Accuracy trumps timely notice, so get the facts out based on what is verified, and explain when you will provide additional information.
  • Monitor communications channels 24/7 and be prepared to communicate proactively and reactively. Given the complexity of various state notification laws—in addition to customer, media and partner demands—it’s important to have professional counsel that can help you navigate the legal and media landscape.
  • Collect and document your response actions for record keeping and strategy review.
  • Enlist your stakeholders to validate your actions. Industry experts, loyal stakeholders and business partners can provide influential third party endorsements.
  • Invest beyond what is expected. Customers expect a sincere apology, an offer of free identity protection and credit monitoring services. Understand that a broad cross section of stakeholders (partners, employees, etc.) are upset and skeptical at best. Consider developing a program to demonstrate your company’s commitment to enduring privacy and security protections. Evaluate the benefits of joining industry efforts to collaboratively establish safeguards for protecting and/or managing data breaches.
  • Rebuilding a trusted reputation can take months. The road to recovery should include implementing recommendations from the forensics investigation and a careful analysis of the effectiveness of your communications plan. And remember, your company will inevitably encounter obstacles. It’s how you respond to those challenges that count. In the words of Albert Einstein: “In the middle of difficulty lies opportunity.”

Download complete article.