When clients ask me to describe the biggest risks surrounding a data breach I sometimes say: “(1) reputation, (2) reputation, and (3) litigation, regulatory, and contractual.” Our guest columnist this week talks about her own opinion of the role of reputation and the impact that customer service plays on that. Please note that the views and opinions expressed are those of the author and do not necessarily reflect the official policy or position of Bryan Cave.

– David Zetoony

What I’ve Learned from 5,000 Data Breaches

By Jamie May, AllClear ID

  1. How has the breach response landscape changed over the last year?

Over the last year, the biggest shift we’ve seen in the industry relates to the activities that occur well before a data breach. We’ve all seen the devastating consequences a botched response can have on brand reputation, customer retention and the bottom line. Today, more and more businesses are engaging with partners like Bryan Cave early on, and taking proactive steps to be ready to address their customers quickly and with care when a data breach does occur.

  1. After a breach, losing customer trust is a big concern for brands. What can companies do before and after a breach to ensure customer trust remains intact?

Companies should place excellent customer service as their guiding principle during response planning and execution. Taking the time to plan for an incident with the customer in mind will go a long way in preserving customer trust when a breach occurs. All communications to customers need to be clear and helpful to minimize confusion and anger. It is much easier to have clear communications when you think through the flow and complexities in advance of a real incident. Keep in mind, your customers’ first interaction with your brand after a breach may be with the identity protection services and support center, so getting that experience right is crucial to success. To make this easier, look for a partner who can help provide:

  • Identity protection services that are user-friendly and available to every affected customer
  • Guaranteed access to quality, scalable call center services
  • Call center agents who are trained in soft skills as well as identity theft protection best practices
  1. What is the single most important thing companies can do to ensure a breach response goes smoothly?

In my experience, companies across all industries that focus on their customers before, during and after a data breach fare far better than those that do not, both in terms of overall response and the speed at which they are able to return to normal business operations. To do this well, securing the resources you need before an incident occurs is absolutely critical. Even the best planning is rendered useless if your customers experience hour-long hold times when they call in to the call center for help. To avoid this negative customer experience, companies should partner with response providers who offer them a contractual guarantee that the resources they need will be available when they need them – this is the most critical component of true breach readiness.

  1. What trends are you currently seeing in the breach response space?

We’re working with more and more companies who are taking proactive steps to be ready to respond well before an incident event occurs. We help these companies build out the operational details of their customer-facing response plan. Part of this process involves testing that plan through a breach simulation. We create a mock breach scenario and use the response plan to actually walk through how the company would respond. This exercise exposes any gaps in the response plan and allows the response team to practice in a controlled environment.

Another trend we’re seeing is that businesses want a guarantee that we will be available to help them respond to their customers should they ever need us. To address this need, we created our Reserved Response program, which allows companies to reserve guaranteed response manpower. They invest upfront, and we guarantee we will be available when they need us. This takes a lot of the uncertainty out of breach response.