Cybersecurity Awareness Month: PR dos and don’ts for a company data breach

Adam Hunter, MD at Hook, Line & Sinker

In 2023, more than 2,800 publicly disclosed data breaches led to the theft of over 8.2bn records, according to Cisco. On average, these breaches cost organisations $4.88m (R85.34m) per event. However, these alarming figures only account for the most visible cases, as countless other incidents go unreported, especially in smaller or lesser-known companies.

Cyberattacks have become part of our reality. Last year, South Africa experienced a spike in cyberattacks, with both the volume and sophistication of attacks on the rise. On average, South African organisations faced 1,450 attacks per week, a 4% increase from the previous year, according to ESET’s Threat Report from 2023. South Africa also ranks 14^th globally for the highest average insurance claims related to data breaches and cybercrime, according to Allianz Commercial. The situation is expected to worsen with the growing use of AI in cyberattacks.

In Africa, the situation has reached a crisis point. Cisco’s 2024 Cybersecurity Report highlights the growing complexity of cyber threats on the continent, with sophisticated attacks now targeting supply chains, healthcare systems, and government institutions. These attacks disrupt operations, with 83% of organisations still relying on outdated systems that are vulnerable to cyberattacks, making them easy prey for cybercriminals.

When it comes to data breaches, businesses and organisations are woefully underprepared. Communicating during a data breach requires balancing transparency, urgency, and reassurance.

Here are some of the most common communication mistakes committed during cyber incidents:

1. Deferring: Failing to detect and respond quickly to a data breach can add fuel to the fire, causing even greater damage. Delays in response allow attackers more time to exploit vulnerabilities, access sensitive data, and compromise systems further. This extended window of exposure can lead to increased financial losses, regulatory penalties, and a loss of confidence from customers and business partners, making recovery even more difficult.

2. Hasty communications: Don’t be reckless in the rush to set the record straight. In a crisis, rushed communication can result in misinformation, damage to reputation, legal complications, and loss of stakeholder trust so it’s crucial to get the right message across, from the start.

3. Excluding the social media team: The digital and social teams are critical in helping manage public communication, prevent misinformation, and maintain trust. They can quickly alert followers, provide updates, and mitigate against reputational damage. Teams must be aligned to prevent any potential corrections or retractions.

4. Failing to prepare: Inadequate preparation for a data breach can lead to chaotic responses and ineffective containment of the breach. It may also prolong recovery time, erode trust, and expose sensitive data to further exploitation. Poor preparation often means critical stakeholders, such as legal, IT, and communications teams, are not aligned, leading to confusion and mismanagement of the crisis. Without a clear, coordinated response plan, organisations risk repeating the same mistakes and vulnerabilities in future.
   

Effective communication is crucial in managing the fallout from a cyber breach. While speed is essential, so is accuracy. Delays can erode public trust but rushing in with incomplete or incorrect information can only worsen the situation. For this reason, IT, legal, and leadership teams must also be brought on board to help drive a cohesive message, crafted in collaboration with PR.

By responding swiftly, accurately, and communicating with empathy, it is possible to mitigate reputational damage and maintain trust during a data breach.

Data breaches, phishing scams, and ransomware attacks might be a reality, but organisations are not powerless against them. As Africa’s digital footprint continues to expand, the continent must prioritise cybersecurity to protect its digital future.

The time to act – not only to protect against data breaches but also against reputational damage – is now.

Hook, Line & Sinker (HLS) is an award-winning digital agency that helps brands to find the right hook, by selecting the best communications line, to deliver the ultimate campaign sinker. For more information about HLS and the agency’s award-winning services, visit www.hooklinesinker.biz or follow them on Facebook, X, Instagram and LinkedIn.