Data breaches are a costly and time-consuming problem for businesses in today's digital age and no organization, regardless of industry or size, is immune. Cyberattacks can impact the security of proprietary information, halt operations, and compromise private customer data.
This guide explains how to respond to data breaches and protect your reputation and discusses the costs of data breach reputation damage.
Examples of reputation damage after a data breach
Reputation damage after a data breach can come from all directions. Negative media coverage reporting an incident can impact stock prices, make recruiting and retaining employees challenging, and cause customer churn.
Here are some real-life examples of organizations whose brands suffered after a data breach:
British Airways reputation falls to a four-year low
In June 2018, hackers delivered an attack that harvested personal, passport, and credit card information for nearly 500,000 British Airways passengers.
Besides hefty fines from Britain's Information Commissioner, British Airways faced lasting reputation damage after the incident. They went from 31st to 55th in reputation score, according to intelligence company Alva Group, which fell parallel to the falling customer satisfaction ratings and share price.
Equifax's reputation "Buzz" score falls 33 points
In 2017, Equifax announced that it had fallen victim to a breach that compromised nearly 147 million people. Attackers bypassed numerous security controls and exploited a known system vulnerability, which enabled them to harvest terabytes of data from the credit reporting agency.
Following the negative publicity, Equifax saw one of the largest-ever 10-day drops in Buzz score, a metric calculated by YouGov that uses a score range of 100 to -100 to capture the public perception of thousands of brands. They went from 0 to -33 — indicating that significantly more people thought negatively of Equifax than positively.
Long-lasting data breach consequences
Data breach reputation damage spans for an extended period after a company falls victim to an attack. They'll go through waves of public scrutiny and bad press and experience customer distrust that ultimately impacts their bottom line. Stakeholders lose faith in an organization's ability to combat cyberattacks and protect private information.
What should a company do after a data breach?
No matter the incident, whether it is business email compromise (BEC), supply chain compromise (SCC), or an accidental data leak from a misdirected email, responding in a timely and transparent manner is vital to mitigating the damage.
Here are the three main areas to address after a confirmed company data breach.
Immediately following an attack, run digital forensics to uncover the scope of the breach. Generally, you'll use your managed security service provider (MSSP), internal security operations center (SOC) team, or a specialty cybersecurity response firm to do these assessments.
The goal is to uncover the source of the breach, how exactly a threat actor got system access (if the data breach was external), and what data and areas of your network were compromised. You'll then need to work with legal and compliance management to see if any regulatory requirements apply in regard to notifying customers, law enforcement, or other stakeholders.
Data breach response
Compliance requirements may dictate how quickly you need to start your incident response campaigns. You'll need to provide specific information about the incident, which may include the type of data that was compromised, and when and how the data leak occurred. The specific information you need to provide will vary depending on the specific compliance requirements that apply to your organization.
Additionally, you must patch and remediate any system vulnerabilities that allow external threats to access your network or successfully deliver their attack. It's also advisable to run vulnerability assessments, control gap analysis, and pen testing to improve security and prevent future breaches.
Rebuilding your brand reputation
You can start the brand-rebuilding process after taking care of your initial response. As the goal is to regain public trust, remain transparent and honest. Working with your PR firm, here's a few things you should do:
- Acknowledge that the breach occurred and take full responsibility for the immediate and long-term consequences
- Actively communicate with stakeholders and inform them of all steps you're taking to address the breach and prevent future incidents
- Monitor brand sentiment in the media and on social media platforms to respond proactively to public comments and concerns
- Offer a hotline or dedicated communication channel for stakeholders to contact for concerns and advice
- Because reviving a reputation after a data breach is a long-term process, maintain ongoing effort and investment in the brand rebuilding process
Cost of a data breach on a brand reputation
According to IBM, the average cost of a data breach is $4.45m. It includes the costs of incident response, data recovery, legal counsel, regulatory fines, ransomware payments, and expenses for improving your cybersecurity posture. Unfortunately, it doesn't stop there.
There's also lost revenue to consider down the road. A survey shows that 60% of consumers won't do business with a brand that's suffered a data breach, and 21% will immediately seek a new provider following an incident. Over and above the average $4.5m, there's a $1.3m average cost of lost sales and revenue associated with an incident.
Mitigate data breach reputation damage with Egress
Robust reputation management after a data breach can help you mitigate the cost of brand damage and quickly resume business as usual. Part of the incident recovery process is employing new security controls that can prevent future data breaches. Egress Defend uses AI models, which include natural language understanding (NLU) and natural language processing (NLP) to identify malicious emails. Defend’s analysis happens before an email reaches the recipient’s inbox and it labels each email with color-coded risk banners that act as real-time teachable moments for email users.
Data breaches can come as a result of outbound email traffic, whether accidental misdirection or calculated data exfiltration, as well as inbound phishing attacks. An intelligent DLP solution like Egress Prevent helps companies monitor their outbound mailflow, and will prompt a user over behavior that could potentially lead to a data breach, whether that is a incorrect mail recipient or a mis-attached file.
Deploying an integrated cloud email security (ICES) system, which uses NLU, NLP and machine learning, provides an adaptive type of cybersecurity. Spear phishing attacks that leverage social engineering are amongst the most difficult phishing tactics to identify, and can only dependably be done with an ICES solution.