The Importance of PR in Data Breach Crisis Management

Reputation might be an intangible asset, but to most companies, it’s as important as the product or service they’re selling. After all, reputation takes years to build, and without it, the business can pretty much kiss its competitive edge goodbye.

And yet, when it comes to data breaches, there have been some pretty extraordinary corporate PR bungles in the last few years.

You can’t say organizations aren’t aware of how crucial concepts like privacy and security now are to the average consumer. Before, customers cared about privacy but didn’t do much about it. So companies also did the bare minimum, which let them save on security costs but still save face when needed.

That isn’t acceptable anymore, as a 2019 survey conducted by Cisco proves. A rising number of people (32%) said they cared about privacy and have switched services in the past because of it. That’s especially impactful during a data breach; if the company handles it poorly, it can lose those customers forever.

A strong PR presence is essential in the aftermath of a data breach if the company wants to keep its reputation intact.

Data Breaches are Massive Blows to Customer Trust

People trust companies to protect the data they hand over from being misused or distributed without their knowledge. When a data breach occurs, those consumers feel that the business broke their trust.

Without an effective PR strategy prepared for the event of a data breach, the company would have little chance of mitigating the damage.

Like with any other disaster, the damage is already done. But the way an organization handles the aftermath can make a big difference.

When companies rush to respond to a breach with transparency, their stock prices tend to recover in about a week. Meanwhile, companies that are slow to react or try to hide the facts see their stock prices steadily decline.

Stock prices aren’t always a good indication of sales. But they do show sentiment towards a company. That blow to customer trust can also be a massive blow to the company’s bottom line.

The Mindset of a Company After a Data Breach

Keeping the customer’s feelings in mind should help steer the conversation in the right direction. Customers feel vulnerable and may feel panicky about their safety or the safety of their other accounts. So it’s essential to take a humble and empathetic approach and to be as transparent as possible.

That last point is crucial too: people want to know what’s going on. They should find out about the breach from the company, not from the media. It doesn’t mean the company should start sending out announcements before they have a grasp on what’s happening themselves. It is important to present a calm, coordinated approach. Only then will the users know the company is handling the problem.

To sum up, fast and accurate communication is critical. This is why a data breach response plan or a crisis management framework should already be in place. It allows for better and faster communication between departments in the event of a data breach. Thus, it also leads to sooner communication with customers.

Take Steps to Mitigate Risks but Always be Ready for the Worst

Every company that handles customer data of any kind has a responsibility to keep that data secure. It means not doing the bare minimum as many competitors do to look good on paper. It means spending time, effort, and money to ensure that customer data stays safe. It also means regularly following up on systems and policies to make sure they’re still valid.

A proper strategy involves:

  • suitable security measures, e.g., encryption
  • policies that enforce privacy laws

For example, a company could back up and encrypt data at rest and use a virtual private network that has servers in the UK (a UK VPN) to protect data in transit. Moreover, it should apply new company-wide policies to comply with the GDPR.

But even a company that takes every step to mitigate its security risks should prepare for the worst. There’s no way to secure a system or data server against every possible risk out there.


Organizations must convey a consistent message after a data breach to reassure their customers. This is not just in their own best interests but also for their customers’ safety. For that to happen, the company needs to have a solid plan in place, a good grasp on the situation, and transparent communication. It all requires an experienced PR team.