Blue Goat Cyber Founder. Veteran. Heavy Metal fan. Main speaker. Bestselling author. 24x Ironman Finisher. Survivor of blood clots.
For most companies, a cyber attack is not a matter of if, but when. Despite our best efforts with people, processes and technology, we often fall short. Some incidents are minor, while others can destroy a business’s finances and reputation. Most articles on this topic focus on internal workflow and responsiveness. This one takes a different perspective: the impact of a cyber attack on your customers.
How you handle and communicate such an event is of great importance to your survival and ability to be resilient. Let’s see how you, as a cyber leader, can contribute to this and why you should support honesty and transparency.
The impact on the customer: Compromised data, offline products and compromised devices
A successful cyber attack that compromises data, networks or applications has some effect on your customers. It could be that their personal data is now available on the black market, which requires them to be careful in case of identity theft.
If you provide an app, software, or other digital product, the attack could shut down those systems. You have clients who can’t do their job in this situation, costing them time and money.
Another scenario involves the highly vulnerable group of hospitals and health systems. If systems go offline due to malware or ransomware, it could compromise patient care, given the many medical and IoT devices in use. A breach of these devices is possible, as noted in the 2022 FBI report on the cybersecurity of medical devices.
No matter who your customer is, there are consequences when you fall victim to a cyber attack. So what do you do next?
Response to Attack: Internally and Externally
Your incident response strategy should guide the operational actions you need to take next. Of course, you will consult with legal teams and other experts. It should inform how your strategy shifts to recovery and careful management of impacts.
It starts with internal messaging that is as honest as possible with your staff. Revealing all the details is probably not in anyone’s best interest. Your leadership can tell them how to go about backing up systems or recovering data.
It is important to participate in these discussions and share your best answer with your team. Tell them to be honest in their answers, and expect everyone to be under high stress, working with little rest. It’s an adrenaline rush when these things happen, but they don’t just last a few days. The decline can last months or years depending on the damage.
You might get some valuable and practical insights into writing customer communications. You are a technician, so no one will ask for your help there. Your marketing and communications teams will lead these efforts. However, you can give these people context and some simple terms for things that aren’t in most people’s vocabulary. You can influence this by encouraging them to be honest and transparent.
What is the reward for honesty and transparency?
The average cost of a data breach is $9.44 million in the USA. There are a lot of numbers, but a large part can be flipped. Your customers no longer find you trustworthy or reliable, so they leave. If you are not responsive and honest in your communication, they have little faith.
No matter who your customer is, they appreciate honesty. It is a universally favorable thing that people expect. Again, no one thinks it’s a good idea to provide every detail, and the situation will continue to evolve. After the initial emails about the situation are released, companies should create an update page on their website. Whenever there is something to report, the page should be updated.
Being consistent in communication shows responsibility and action. This lesson also applies to dealing with the media. Your company’s cyber attack could be news or even trending on social media. So what do you do? A media expert will have all the answers. If you make statements in these channels, they should mirror what you are telling customers. There is stability and integrity in consistency.
Once things are settled and you’ve done a full briefing and analysis, suggest that the company reach out to affected customers. A simple inquiry will shed light on how they think you handled the situation. Customers may be even more loyal if your organization had a plan, implemented it, communicated and resolved things quickly.
A cyber attack is terrible for all its victims. Remember the human side of this and remind your team and everyone else. In fact, work on it before anything happens. Discuss what matters most to your customer the next time you test your incident response plan.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.