The worst part of a data breach for many organizations isn’t just the information lost or stolen: It’s the loss of trust that happens when the public finds out.
And while your organization likely won’t come out looking too good no matter what following a breach, one way to make it even worse is to have incorrect information when you do go public.
The IRS found that out when it was forced once again upped the estimate of how many taxpayers were affected by a 2015 data breach. The initial estimates were 100,000 taxpayers last April.
That number was later upped to 300,000 as new information came in.
And recently, the estimate has more than doubled. IRS officials said that another 390,000 taxpayers may have fallen victim to the attack, which involved stealing information using the “Get Transcript” application for IRS.
Quick or correct?
By the time you’ve fallen victim to a data breach, you’re already going to have a lot of unanswered questions. The difficult part comes when you have to consider what to say and when.
Some companies want to get ahead of the story as quickly as possible and share everything they know. But if that information turns out to be wrong or incomplete, they’re going to pay a price in public image.
On the other hand, if the story gets out before you’re ready to go public, that could be just as bad.
One possible solution: Look into cyberinsurance. One of the costs that may be covered is crisis communication and planning.
And while it won’t solve everything, this service could be one of the most valuable in the short term.