Communicating Security Breaches: When In Doubt, Shut The Door

Transporting secure data is a risky business, and one where those doing the transporting are assumed to be competent, careful and concerned. But, judging from the rash of security breaches in recent months and years - including one in which 40 tapes of Time Warner's secure data quite literally fell of a truck while being transported by data storage company Iron Mountain - proper care isn't being taken, and that's not even taking criminal security breaches into consideration. Given this trend of secure data in danger, coupled with Americans' growing concern for privacy, what is the impact of security breaches on companies, constituents, news coverage and, above all, communicators? According to a recent study by the CMO Council (in collaboration with Symantec and Factiva, and in a media partnership with PR News), the implications are ominous. The "Secure the Trust in Your Brand" survey, for which Factiva monitored the media impact of data security breaches across 10 U.S. corporations, revealed that only 29 percent of respondents (both marketers and business executives) said their companies had a crisis containment plan in case of a security breach. The statistic certainly justified the eyebrows it raised, considering the swell of security breaches among business organizations - and their impact on trust and brand erosion - but it also begs for closer scrutiny. For example, while security coverage of specific companies that suffered a breach accounted for more than half of all stories written about those businesses in 2005 (see chart 1), there is little evidence of preemptive action being taken to avoid such mishaps in the first place. But despite the apparent danger of compromised data to the general public, that same general public seems relatively unconcerned - or so says Jim Lukaszewski, chairman and president of The Lukaszewski Group Inc. (who, coincidentally, was the victim of identity theft on two separate occasions). "It's amazing how little the public seems interested, how little fear has occurred," he says. "It's not a case for which you can find a victim." But although there may not be individual victims to find among the public, victims take form in the companies that find themselves in the news for security breaches that were, more often than not, accidents. But accidental or not, it's still a blow to corporate reputation and public trust, and communications, marketing and PR professionals spearhead recovery. This raises the question: What is the ideal communications response to security breaches? The answer, of course, isn't cut-and-dried, as crisis plans are often made to be broken (see page 2, "When It Comes To Preparedness, Crisis Plans Go Up In Flames"). However, there are steps that can be taken to rectify problems, as seen by the CMO Council survey analysis of the 10 companies and the lessons they learned the hard way: Come clean first, send out a search party second: Even though breaches often don't result in actual threatened security, companies must communicate the event to the affected parties. It's a matter of transparency, but, more recently, it's also a matter of obeying the law. Legislation now requires businesses to inform consumers whenever their data is no longer secure. Keep a crisis secret and you're a bad PR manager; keep a security breach crisis secret, and you could be imprisoned. Nix the trickle-down effect: Don't make the same mistake ChoicePoint did when its communicators decided to send out word of its security breach in phases, initially only speaking to California residents. Technically they acted lawfully, but public pressure required the company to come back to the issue and address a larger public, which made it difficult to put the crisis behind them. Make the message count: ChoicePoint also serves as an example of what not to do when it comes to messaging. The messages of credit coverage the PR team tried to communicate were overshadowed by conflicting examples of poor information on the corporate Web site and poor customer responsiveness. Bank of America, on the other hand, not only focused on a message of openness, but also went beyond legislation requirements to be as transparent with affected parties as possible. Time Warner's SVP and chief security officer Larry Cockell issued a letter to employees detailing the measures being taken to address the problem, which included a credit protection program paid for by Time Warner. Preparedness is key: Lukaszewski emphasizes the benefits of anticipating a security breach before one ever takes place. "At the root, they are representative of scenarios where communications should take preemptive action to protect data," he says. The best defense is for PR to maintain a close relationship with the people who manage the data. Whether security breaches are becoming more regular or it's just a matter of increased media attention, communications executives must understand the implications such crises can have, not just on the company's reputation, but on the industry and the macrocosm as well (in the form of legislation, etc.). (See chart 2) The above tips will kick-start an effective plan of action, but if all else fails and data is at risk of falling off the proverbial (and not-so-proverbial) truck, there is always a fall-back plan, Lukaszewski- style: "Shut the damn door." (For the full CMO Council survey report, visit CONTACT: Jim Lukaszewski, 914.681.0000,

Subscribe Now  |  Login

Comments Off

Deals of the Week

Get $200 Off PR News' Digital PR Conference

Join us June 1-3 where you'll hear from top brands such as Walmart, Miami Heat, Verizon and Ritz-Carlton on PR and communication best practices for the next wave of digital trends.

Use code “200off” at checkout to save $200 on the regular rate.

Get $50 off PR News' Book of Employee Communications


In this 5th volume of PR News’ Book of Employee Communications, our authors cover more than 45 articles on crisis communications, social media policies, human resources collaboration, brand evangelism and more.

Use code “50off” at checkout.

Save $100 on a PR News Subscription


Let PR News become your weekly, go-to resource for the latest PR trends, case studies and tip sheets. Topics covered include visual storytelling, social media, measurement, crisis management and media relations.

Use code “SUBDEAL” at checkout.

Comments are closed.