Scholarly research about data breach and cyber crisis management issues in various documents and security journals is mostly unknown. Nevertheless, some recent literature concerning data infringement incidents lays down the importance of crisis communications to repair organizational reputation in the aftermath of a data breach.
Typically, there are three C’s of trust in this regard. These are:
- Competency: The capability of proficiently performing one’s task.
- Character: Robust adherence to stable values such as commitment, trust, reverence, truthfulness, integrity, bravery and selfless service.
- Caring: Genuine regard for the welfare of others.
Unfortunately, the response by various organizations that experienced a data breach has caused stakeholders to question all these three factors, which further immensely hampered company image and worsened the crisis.
In various cases, when organizations immediately went off in the wrong direction, stakeholders and affected victims rush to suspend their accounts. In some cases, the freeze request responses were held off or were unresponsive.
Take the case of Equifax. The company set up a website for victims to visit and find out if their information was breached. The website requested victims to submit the last six digits of their Social Security numbers to decide if they were affected by the breach. Customers who entered the data obtained conflicting and perplexing answers. In some cases, customers visiting the website were informed that the data breach did not impact them, but these customers received different answers when they checked the site with the same data on their smartphones. Such responses incensed the customers, and they began to display their anxiety and frustration when the assured remedial results were not provided.
When investigative analysts dug into the matter, they revealed that the site was non-operational, defective in many ways, and appeared more to be of a pretence or a stalling tactic.
If Equifax believed that creating a brand-new and interactive website would help in maintaining their image, it had the opposite effect. The rush job severely marred their reputation.
As the information on Equifax’s cybersecurity problems was revealed, new vulnerabilities were reported, thus building an increasingly appalling understanding around the entire incident. Eventually, the CEO blamed an employee, but customers didn’t buy the excuse if it was one.
There are numerous character flaws with regards to the integrity of how Equifax handled the data breach incident. As a corporation and with regards to its leadership team, Equifax was immediately questioned about the length of time they took to notify the public about the infringement. The six weeks that it took for the consumers to know they had been victimized without their knowledge left them vulnerable, without the ability to perform the right countermeasures.
Further investigations revealed how Equifax also stood to benefit magnanimously from the data incident. Besides, in the aftermath of the announcement, the call centre set up by Equifax couldn’t come close to addressing the flood of phone calls from victims, which further enraged the customers. This stoked distrust and triggered added investigation of the data brokerage sector as a whole.
On the whole, stakeholders began to realize that Equifax did not care about the victim. And in this, the three C’s of trust was shattered.
The following impressions were brought to the fore on Equifax’s communications after the data incident. These included:
- Incompetency: The CIO and CSO did not oversee the cybersecurity program efficiently, as was evidenced by the event. And the overall fumbling with the responses in the aftermath of the data breach further exasperated the issue.
- Lack of character: A delayed notification along with swift executive stock dump during the breach investigation resulted in public outcry. This further caused stakeholders to question the company and its leadership’s integrity.
- Lack of caring: The stiff displays of Equifax management, especially one that was revealed to the stakeholders in a public relations video, combined with the hindrances on the website and call centre frustrations, left a powerful impression that the company did not care about its customers.
The data breach incident tremendously impacted the image of the company and destroyed trust among key stakeholders about the organization’s leadership. Once the CIO and CSO resigned, shareholders began to feel a new confidence with the change in management. The stock of the company rose yet again, and although share prices continue to flounder, it appears to be recovering slowly.
Protecting your digital assets is paramount in every situation. Regardless of whether you head a large company or a small one, you need to safeguard your information irrespective of where it lies. As a comprehensive document security solution, digital rights management (DRM) can protect your files even when they leave the security of your organization or network infrastructure. You can customize user permission for word files in PDF documents based on desired access clearance as per your requirements. Through DRM, you can protect the lifecycle of your documents with file-level protection policies. Regardless of a security breach or an incident due to human error, your DRM protected content stays secure without the loss of any information.