Tools of the Data Breach Trade: How to Keep Your Customers and Your Credibility in 2017

Data breaches are now a cost of doing business, but the price tag is unacceptably high. Juniper Research predicts that data breaches will cost $2.1 trillion globally by 2019, which is almost four times more than in 2015. And according to the Ponemon 2016 Cost of Data Breach Study: Global Analysis, the average total cost of a data breach for the 383 companies surveyed increased from $3.79 million in 2015 to $4 million in 2016. That represents a 29 percent increase in the total cost of a data breach since 2013.

Clearly, managing data breach costs is an important part of any response, and that means spending your money wisely. It also means prioritizing your expenditures, from media relations to identity protection services.

Customers Come First: Tools of the Data Breach Trade

Talk the Talk

Participants in the Customers Come First: Data Breach Response Survey ranked the top three components for protecting their organizations’ reputation and retaining customers. Top of the list at 56 percent was a thoughtfully written notification letter. Customers take these letters seriously; 85 percent of breach victims think it’s important to follow all the recommended steps in a breach notification, according to the Javelin 2015 Data Breach Fraud Impact Report. In addition to notification, the survey also indicates that effective communication is valued, through a call center (48 percent), media relations (36 percent), and a website (32 percent).

Walk the Walk

Businesses must back up notification and other communications with action, the survey shows. This includes taking steps to prevent future breaches (56 percent) and offering free identity protection services such as credit or dark Web monitoring (50 percent). Conversely, discounts on products or services and gift cards fared poorly at about one percent each, suggesting that customers value real protection from the real risks of data breach—such as identity theft.

Reduce Costs through Outsourcing

With so many moving parts in a breach response, costs can quickly spiral out of control. According to the Ponemon Institute, “Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly.”

One way to ensure an efficient response, minimize damage, and thus control costs is to work with a reliable breach response partner. In its report, Planning For Failure: How To Survive A Breach, Forrester notes that an incident response team should include both internal and external experts.

The survey results support that best practice: Most organizations realize that breach response is not their core competency and would seek outside help. This is particularly true for forensics investigation (64 percent), which requires technical expertise. Establishing a call center (48 percent) and the mailing and tracking of notification letters (45 percent) were other specialties likely to be outsourced.

Five Questions to Ask Your Breach Response Vendor

If you do decide that outsourcing is the way to go, do your homework. Finding a breach response vendor you trust is critical. When evaluating, consider these questions:

  1. Does the vendor specialize in breach response services? You’ll want to avoid credit-monitoring businesses that offer breach response services only to gain more subscribers.
  2. Can the services be customized to fit your needs? You should be allowed to buy only the services you need, and not the ones you don’t.
  3. Can the vendor support both large and small breaches? You need a vendor who can manage all sizes of a breach, including yours.
  4. Does the vendor offer a comprehensive range of services? During a breach, time is limited. Your vendor should meet all of your breach response needs, such as digital forensics, call center, notification letter printing and mailing, crisis communications, and risk assessment and breach planning.
  5. Does your vendor of choice have a good reputation? Before signing any contract, take the time to find out if the vendor has had any recent legal troubles, regulatory infractions, or if the organization itself has experienced a breach.

You can’t control when a breach hits, but you can manage costs. That may include proactively investing in a reputable breach response vendor that can make the best use of limited resources to ensure positive outcomes not only for your business, but also for your customers.
