Reacting to a Data Breach: 4 Essentials for Every Exec

A splendid article written by Bill Bourdon for the Harvard Business Review explains the four mistakes that executives make after a data breach. There is only one problem with the article: it is easier to persuade people to be positive than to persuade them not to be negative. If you tell somebody not to do something, they think of all the reasons why they might do it anyway. If you tell somebody why they should do something, they might just agree with you. So with that mantra in mind, I have simplified Bourdon’s article and reversed its polarity, turning it into four simple principles that every executive should adopt when their business is struck by a data breach. They are:

  1. Act rapidly. The sooner you tell customers their data has been compromised, the sooner they can protect themselves. The sooner you fix your own issues, the sooner you will regain trust.
  2. Serve customers. It is their data which has been exposed, not yours. Do what is necessary to minimize the harm to them, not what you think might limit the harm to your business, because your customers are your business.
  3. Be transparent. If you cannot stop data breaches, you cannot stop the truth coming out either. Gossip and rumors compound the damage to your business, especially if later proven true.
  4. Be accountable. Execs are in charge; the buck stops with them. An exec who is humble about mistakes and who takes ownership of a problem may take steps to prevent future failure. An exec who denies responsibility cannot deliver change.

Despite its negative tone, the HBR article is still a good read, not least because it lists examples of where executives have gone wrong. You can read it here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.