• GUEST BLOG: John Cannon: What’s your data breach action plan?

    Stuart O'Brien

    John Cannon is commercial director of Callcredit Information Group, and has worked for over 20 years in the information industry. During that time he has held a number of senior roles including heading Infocheck Group’s insurance business and leading Equifax’s ID & Fraud team. For the last 10 years, John has focussed on the areas of Financial Crime, Fraud, Money Laundering and Identity.

    All organisations are at risk of a data breach. Indeed, breaches are becoming an increasingly common occurrence. According to the 2015 Information Security Breaches Survey, 90 per cent of large organisations reported that they had suffered a security breach last year, up from 81 per cent in 2014. With those stats in mind, it’s unsurprising that business executives, and the general public, are concerned about the security of their data.

    We’ve all seen, following recent high-profile breaches, the reputational damage a security leak can inflict on a company. In a world dominated by social media and 24/7 headlines, news of a data breach will travel fast. Not only do businesses risk losing existing and future customers but, by not handling the situation in the right way, they also risk a considerable negative impact on their reputation.

    In fact, a recent YouGov poll found nearly eight out of ten people would think twice about giving their custom to a company that had made headlines for failing to stop a data security breach.

    As a result, it’s essential all organisations have a strategy in place to react instantly should the worst occur.

    A breach has happened. What do I do now?

    Any organisation’s first priority should be to notify key stakeholders in the business in the first 24 hours. The approach to the breach, and the messaging around it, should be agreed and then communicated as appropriate to consumers, customers, regulators, politicians and the media.

    As well as communicating externally, it is important to update internal teams. All relevant and customer-facing employees should be informed as early as possible and fully briefed on how to discuss the situation.

    As the situation develops, it’s important all channels are kept open and information is forthcoming. Organisations should be prepared for an increase in website, social media and customer service traffic. An emergency team should be in place to pick up any additional workload and prioritise reassuring customers. Customers, in particular, need absolute confidence that the company has done all it can to mitigate the impact of the breach and to prevent it happening again.

    Ensuring your organisation remains protected & responding to a breach if it occurs

    Prevention is better than cure. Organisations need to be on the front foot when it comes to cyber protection. Having a plan in place should a breach happen isn’t enough. Not only can a breach be costly in terms of lost customers, but EU legislation that would generally require companies suffering a breach to notify the public, and that could impose fines of up to four per cent of an organisation’s global turnover, may soon come into effect. However, should a breach take place, advanced solutions such as Noddle Protect offer businesses access to tools to protect company reputations and put an action plan in place, so that an organisation can move swiftly should it need to.

    By being proactive and investing in safeguarding consumers, businesses can not only demonstrate they are acting responsibly, they can also demonstrate a genuine investment in their consumer relationships, helping to build long-term trust and loyalty, and ensure they don’t become part of the unlucky 90 per cent.

