Cyber attacks are de rigueur these days. Respondents to a recent survey of IT professionals reported an average of 40 attacks per year.

The price tag of a security breach is staggering. The same study reports an average cost of $1.2 million—and financial costs are not the only consequences.

One-third of survey respondents claimed their company lost intellectual property due to a cyber attack and 36% of them believe the attack reduced their competitive advantage.

A security breach is serious stuff. Yet despite the prevalence and obvious cost, some businesses do not effectively communicate an attack to key stakeholders.

In one extreme example, LinkedIn landed in a media nightmare in mid-May after a hacker tried to sell 6.5 million of their users passwords. Instead of coming clean about the hack when it happened in 2012, the company remained silent. Now, four years later, they’re facing a barrage of criticism.

Here’s a short, four-step plan to help you tell customers about a security breach without creating panic … or generating unwanted media coverage.

How to Tell Your Customers about a Data Breach

#1 Tell it all, tell it fast and tell the truth

These are words to live by when it comes to issues management and crisis communications. While your IT team is busy containing the security problem, communicate quickly, directly and honestly with affected customers and other stakeholders.

While every situation is different, your company’s initial communiqué to customers should include:

+ What customers need to do to protect themselves

+ A short summary of what happened and the information affected by the breach

+ How you’ll improve security in the future with as much detail as possible

As the situation is unfolding, you won’t have answers to all your customer’s questions. Direct them to a FAQ page on your website and tell them you will update it as you learn more.

Some customers will want to validate your company’s email and confirm it’s not a hacker’s phishing scheme. To reassure them, add information about the breach to your social media channels and include a banner on your website’s homepage.

#2 Prepare for inquiries

Make it easy for customers to contact your organization. Include your 1-800 number in your email and encourage them to get in touch if they need assistance.

Distribute briefing documents to everyone in your company who interacts with customers, including your customer service team, social media community managers, sales force, and switchboard operators.

Consistent key messages with your front line staff help ensure your company avoids contradicting itself. However, each team’s Q&A will vary since the questions customers ask your switchboard will differ from those received by your social media team.

Coach your front line staff to convey empathy to customers and ensure they reinforce how seriously you’re taking this threat.

#3 Monitor conversations and respond

Customers with complaints about a security hack won’t necessarily tell you about them. And they won’t just tell their friends and family. Many will pick their social media platform of choice to grumble. And, if they have a decent number of followers, their concerns could spread like wildfire.

Google Alerts are a cost effective way to track what people are saying about you online. If you’re dealing with a severe security breach, look for a more comprehensive online monitoring tool like CustomScoop or Sysomos.

It’s not essential to respond to every online comment. Decide on a case-by-case basis if you’ll ignore, monitor for further developments or respond.

# 4 Learn … and move on

After the dust settles, evaluate your customer communications response to the data breach. What happened and how? What did you do right? Where could your company improve? How could you do better next time (since in all likelihood there will be a next time).

Plan ahead

The best advice to manage customer communication during a security breach is to be prepared.

Crisis preparedness is the defining factor in how well your company and its reputation weather a crisis. While no one can predict what will happen tomorrow, the likelihood of a cyber attack is high. A good plan provides a solid foundation on what to do and how to do it.

If you need help developing a crisis preparedness plan, get in touch.