The Importance of a Prompt and Effective Public Response After a Breach

When a data breach occurs, the affected organization has a number of steps to follow as part of its response to the event. When the breach is finally publicly announced, one of the first questions from customers and the general public is, “When did this happen?” The answer varies, but when more than a few weeks have passed since the breach occurred, the public typically wants to know why they weren’t notified sooner, why the breach wasn’t detected sooner and what else the organization is keeping from them. Simply put, delaying a public response after a breach can be a PR nightmare.

One example of a delayed public response is the data breach at the credit reporting agency Equifax last year. The security team at the bureau discovered the breach on July 29th, 2017, but did not disclose it until September 7th – nearly six weeks later. Prompt public disclosure after a breach is more complicated than it appears: while organizations have a responsibility to inform those affected by a data breach, they are also required to notify regulatory bodies as quickly as possible and to have all of their facts, information and recovery plans in place before they can craft their public message.

So how long should a public response to a breach take? And what should it look like? The answers vary, but the general idea is that it should be done as quickly as possible while still taking as much care as possible in creating the message that will be shared. It is crucial to notify affected parties in a timely manner, because they need to be able to deal with the potential effects that a major data breach may have on them. However, announcing the breach too soon, without enough information or in an unprofessional manner, can cause additional problems as well.

Last month, communications giant T-Mobile announced that they had discovered an “unauthorized capture of data” in which hackers stole names, billing zip codes, phone numbers, email addresses, account numbers and account types of customers. The breach was discovered on a Monday, and the company began notifying customers on Friday of the same week. They chose to do so through text messages sent only to affected accounts, and this technique drew some criticism and even caused some confusion. The brief text message included a quick description of the event and a shortlink to click on for more information, which some people felt looked more like a phishing message than a legitimate announcement. The company’s attempt to share their fast cyber security response ended up looking more like a cyber security risk.

While there are really no clear guidelines or laws regarding exactly how soon a company must disclose a data breach or how much information they need to share upfront, it is clear that customers and the general public expect a timely and informative response. Businesses can achieve this by having a solid data breach response plan, and insurance agents can help businesses by offering cyber liability insurance that extends beyond just coverage and includes risk management assistance to take them step by step through data breach protection and recovery.

 

About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (847) 832-9100.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.
