When you start losing confidence in an organization, all the parts that rely on data become questioned by the individual. Organizations going through digital transformation lose.

Ponemon Institute | SecurityRoundTable.org

SecurityAscent: Digital transformation of the business is generally viewed as essential to long-term survivabililty. After all, all business is digital these days. So no IT executive wants to see those efforts negatively impacted, as that will generally impact his/her very own brand. Confidence is lost at many levels,

The biggest problem is the destruction of your reputation and your brand. Those are the things that people tend to underestimate, because they’re not tangibly quantifiable in many ways. Make no mistake, though, reputation and brand erosion are what executives regret the most over time.

John Kindervag | SecurityRoundTable.org

SecurityAscent: Cybersecurity revolves around concepts like the CIA (Confidentiality, Integrity, Availability) Triad. But look in just about any security book, blog, vlog, or podcast, and chances are brand protection is not chief among them.

And that’s okay, as long as the security teams let the natural defense team for the brand (marketing) do all it can, supporting them along the way.

Above all, a plan needs to be practiced with the full team. An incident response plan is a living, breathing document that needs to be continually updated and revised. By conducting a tabletop exercise on a regular basis, teams can work out any hiccups before it’s too late.

Michael Bruemmer | 10 mistakes companies make after a security breach | CSO online

SecurityAscent: Let our Security Breach for Marketing Playbook be your guide. Even though it was built with the marketing team’s needs in mind, information security teams will benefit as well. It’s a jointly-developed and balanced plan to brige the inherent gap between IT and marketing.

SecurityAscent doesn’t offer quick fix solutions. There simply aren’t any when it comes to breach response by marketing. It just means we all now have the opportunity to guide this transformation by the security and marketing organizations in each tabletop exercise, further growing their key capabilities.

Related to the lack of a single decision maker, a lack of clear communication is also a problem. Miscommunication can be the key driver to mishandling a data breach, Bruemmer said, as it delays process and adds confusion.

Michael Bruemmer | 10 mistakes companies make after a security breach | CSO online

SecurityAscent: You’ve likely seen the immediate responses that make you cringe just a bit, such as a quote from the CISO says something along the lines of “well you see what happened was a user, despite our ongoing training efforts, clicked on a link in an email, so we are going to look at enhancing our training in that area”.

We only get one change to make a great first impression. This type of response would not hit the mark.

Companies should have a well-documented and tested communications plan in the event of a breach, which includes draft statements and other materials to activate quickly. Failure to integrate communications into overall planning typically means delayed responses to media and more likely more critical coverage.

Michael Bruemmer | 10 mistakes companies make after a security breach | CSO online

SecurityAscent: Ah yes, the dreaded words from the media “We tried reaching out to [organization] but did not receive an immediate response”. No one really wants to hear that, least of all the media. And let’s just go ahead and include all the bloggers as well.

If the community doesn’t see or hear some reasonable degree of transparency, empathy, and vision, you can bet they will fill in the blanks to suit their own agenda. They will simply build themselves up by tearing others down.

If an organization makes additional investments in processes, people and technology to more effective [sic] secure the data, finding ways to share those efforts can help rebuild reputation and trust. Yet, many fail to take advantage of this longer-term need once the initial shock of the incident is over.

Michael Bruemmer | 10 mistakes companies make after a security breach | CSO online

SecurityAscent: This is where the real work comes in. Who will collect, create, and convey the narrative you want and need most over the long term? Who, specifically, can help the audience align with your brand?

As you are on the road to recovery, document it. Tell the great story. When someone says something like “they literally wrote the book on how NOT to respond to a breach”, perhaps acknowledge that in the right way and go on to share how that may have indeed been the bottom, but you are now climbing back to the top. And then tall that story. That’s what people are most interested in over time. That’s what brand recovery is all about.

Sometimes a breach is too big to deal with in-house, and the type of breach may make that an unwise one. So it’s best to have external help available if needed. Incident Response teams…should at least be evaluated and considered when forming a business continuity/incident response plan.

Michael Bruemmer | 10 mistakes companies make after a security breach | CSO online

SecurityAscent: Large organizations are already likely to have technical response teams on retainer. And that’s good. Because really, who wants to go shopping for such help in the midst of a crisis? Who would even have the time?

But those technical resources are NOT what we are talking about here. Because we primarily work with your marketing teams on long-term plays that have real impact. In short, we are there with you long after the more technical clean up crews.

Beneath the surface

• Value of lost contract revenue = 49.43% of the total
• Lost value of customer relationships = 25.61% of the total
• Devaluation of trade name = 13.7% of the total
• Insurance premium costs = 2.38% of the total
• Cybersecurity improvements = 0.83% of the total
• Technical investigations = 0.06% of the total

Deloitte Advisory | How much does a data breach cost? Here’s where the money goes | CSO online

SecurityAscent: So there’s the disconnect. IT organizations often feel that the investigations and new technical controls are a large part of the cost of recovery, when in fact they are just a drop in the bucket.

And this is exactly why the Cybersecurity Marketing Academy was started, as well as the Security Breach Playbook for Marketing. As security experts and leaders, we need to be seen leveraging every defensive measure possible, including those that are not necessarily technical in nature.

It’s these soft skill that will ultimately have the greatest impact on the health of the business.

Marketers need to think about data security in ways we never have before. CMOs definitely have to think of how to protect their brand…

Maria Pousa | SecurityRoundTable.org

SecurityAscent: Bottom line: The Chief Marketing Officers (CMOs) need all the help they can get from the cybersecurity teams. But they need it far beyond the initial breach notification. And as any CIO or CISO who has suffered through this before, that’s a distraction they would rather not have in the heat of battle.

By 2020, over 80% of enterprises worldwide will invest in incident response retainers.

IDC | IDC Web Conference

SecurityAscent: Translation: Don’t wait too long to lock up your key outside incident response services. As sure as there are limited cybersecurity professionals in the market, there will be increased challenges in finding and retaining the services needed.

Be sure that you know who your biggest advocates are when it comes to your customer base, partners, investors, and media pundits, as the tide of public opinion can turn very quickly during a cybersecurity crisis. Make sure you have relationships established with top broadcast, print, social, and security experts, as well as market influencers. Work closely with your external public relations (PR) and media partners and identify specialists in crisis management and communication who can be an extension of your internal team so that when a data breach happens, they will be at the table with you. This may mean investing in relationships that are outside of your primary communications plan, such as security bloggers who regularly comment on prominent breaches or third tier media with a tendency to sensationalize such topics.

Holly Rollo and Peter Tran | Harvard Business Review Crisis Management (hbr.org)

SecurityAscent: Couldn’t have said it any better ourselves.