Marriott did a good job with responding to the hack. Source: Shutterstock

Why breach-readiness is critical to surviving a cyberattack

CYBERSECURITY is a concern for every business and, to a great extent, professionals can do their best to safeguard their organization’s network and data — but there’s no guarantee they won’t be a victim of a cyberattack.

Getting hacked is a real possibility for any business. It’s why IDC forecasts that companies will spend north of US$100 billion on cybersecurity this year alone and Accenture believes that companies will lose up to US$5.2 trillion over the next five years as a result of cyberattacks.

However, companies that want to ensure that they’re able to mitigate the damage in the aftermath of an attack must put a breach-readiness plan in place.

Essentially, a breach-readiness plan is a carefully thought-out strategy to inform regulators and customers about the hack.

It also outlines procedures to make sure that appropriate steps are taken to stay transparent about the loss of information and data, and that the organization is able to impartially investigate and report on the vulnerabilities that were exploited.

Breach-readiness is a CX plan

Business leaders must think of breach-readiness as a part of the organization’s customer experience (CX) strategy.

When customers and regulators are kept in the loop, the business is able to earn (back) their confidence and trust and make sure that further damage is prevented.

Data breaches can be a public relations nightmare if not handled well.

Take Equinox, for example. Initial responses from the company were quite poor, causing the public to be more concerned — and even angry — about the credit scoring giant’s response to the incident that led to the exposure of millions of customers’ private data.

Of course, in their defense, they were doing everything internally to investigate the matter. However, had there been a breach-readiness plan in place, maybe the company would have been able to save face in public.

Hospitality giant Marriott is a good example of good public relations in the event of a data breach.

The recent incident that left 500 million of the hotel’s guests’ data exposed could potentially cost the company upwards of US$200 million in penalties and damages.

Fortunately, Marriott’s team seems to be doing a good job speaking to customers about the cyberattack and answering questions they have about the risks they face and measures they can take to protect themselves.

Marriott aside, others that have managed a data breach quite well in the recent past include Cathay Pacific and SingHealth. Each had a different strategy, but

There’s plenty of evidence that a good breach-readiness plan could soften the blow to the organization’s management and stakeholders in the event of a breach.

It’s why organizations need to think long and hard about their breach-readiness plan just as they do for their overall cybersecurity strategy.