As data breaches increasingly make headlines, discussions around transparency and disclosure are coming to the fore. Organizations, in fear of reputational damage, often hesitate to reveal breaches. However, transparency remains the best path to remedy security shortcomings and ensure long-lasting consumer confidence.
The Federal Trade Commission has recently approved an amendment to the Safeguards Rule, requiring non-banking financial institutions to report certain data breaches and security events. Specifically, those in which information affecting 500 or more people has been acquired without authorization. This demonstrates a regulatory momentum towards mandating transparency and disclosure within the financial industry.
With these new legal obligations, organizations must now seriously weigh their stance and strategy around breach disclosure. Attempts to conceal incidents seem not only risky but infeasible under mounting regulatory pressure. Instead, taking the path of transparency and responsibility provides the opportunity to rebuild trust through accountability.
Taking a proactive and multi-faceted approach to cybersecurity
Cybercrime is only growing in complexity, requiring companies implement a proactive, defense-in-depth approach to cybersecurity. This starts with strong governance measures like designating a CISO, developing comprehensive incident response plans, and instituting mandatory cybersecurity training for all employees on threats like phishing, malware, and social engineering to name a few.
On the technology side, businesses need advanced threat detection, continuous vulnerability monitoring, strict access controls, data encryption, and advanced endpoint protection across networks and devices.
However, as recent headlines demonstrate, prevention alone is insufficient. Organizations must also plan their response and disclosure protocols prior to incidents. Post-breach response plans outline critical actions like containing breaches, assessing impacts, notifying authorities and customers, organizing forensic investigations, and improving security controls.
Additionally, plans should cover later-stage remediation, since breaches often have lingering effects. Steps like fraud monitoring for affected individuals, offering credit protections, contingency planning for potential lawsuits, assessing business continuity risks from damaged systems or lost data, and detailing cycles of improvement to enhance resilience against future attacks should feature in response strategies.
Effective plans empower rapid coordinated response while still following growing regulatory reporting obligations. Thoughtful plans also guide reasoned transparency decisions during chaotic aftermaths when emotions can overwhelm objectivity and nuance.
With extensive readiness covering response coordination, external communications, and long-term commitments to affected customers, institutions can reinforce integrity and accountability. This comprehensive approach also sustains legal compliance and puts organizations in the best position for customer retention, despite the turbulence of breach events and shifting disclosure laws.
The high costs of obfuscating data breaches
In contrast, covering up or downplaying a data breach often devastates companies in the long run. Beyond missed legal obligations around disclosure rules, concealed breaches tend to emerge with even more consequences than before. Interestingly, we are even beginning to see ransomware groups filing complaints against companies failing to self-report. If concealed breaches do come to light it can annihilate trust in the organization - especially if the business in question holds sensitive data.
Furthermore, research shows third-party breaches account for over 60% of incidents. With complex digital supply chains, companies inherit vulnerabilities through vendors and partners, whether that be a software provider or even a cleaning service, unless they manage third-party risks methodically. Additionally, with such interconnectivity along supply chains concealed breaches can not only have implications on the business impacted, but its partners and their customers too. As a result, overall, transparency around events, while painful in the short term, serves a company's best interest earning long-term consumer and partner trust. Deception, on the other hand, can destroy that trust irreparably.
Balancing temporary impact vs lasting integrity
Companies naturally want to avoid immediate reputation damage and customer loss after security incidents. Yet positive branding relies on authenticity, honesty, accountability - pillars that transparency reinforces for the discerning consumer. When businesses follow proper disclosure protocols, communicate compassionately, and demonstrate effective remediation post-breach, customers are much more likely to grant reasonable leeway. Over time, this builds integrity and resilience into consumer relationships.
Therefore, companies should develop strategies focused on maintaining customer dignity and trust around breach events. Leadership must balance tempering short-term PR blows around incidents with nurturing enduring bonds of integrity between the business and its customers. The companies that will thrive post-event are those that handle crises with clarity rather than concealment.
Meeting the escalating complexity of cybersecurity
With supply chain attacks, increasing ransomware, and ever-more-cunning hacking threats rising, cybersecurity only grows more complicated each year. Simply buying security tools is not enough anymore. Navigating the modern cyber landscape requires broad vision with insights into regulations, advanced technologies, communications strategies and preparedness.
Companies require a firm grasp of the many interlinked facets around cybersecurity from prevention to detection to incident response. Only with such comprehensive understanding can businesses determine how transparency helps rather than harms brand value and customer loyalty. Transparency remains the cornerstone organizations depend upon to maintain stability amidst the turbulence of breach fallout.
We've featured the best privacy tools and anonymous browsers.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro