Analysis: PR rule book amidst a data breach

Cybersecurity has been a increasing prevalent issue in recent times. Most recently, COURTS was found to have a data breach for the second time in two years, which saw it being slapped with a SG$9,000 fine. There also has been a slew of data breaches from brands such as ShopBack, RedDoorz, Razer, and Shopify.  

While data breaches are becoming far more common, it still doesn't take away the fact that when an actual breach occurs, the trust between the consumer and the brand is put on the line. Pamela Tor Das, managing director, LEWIS Singapore, told MARKETING-INTERACTIVE that once the  trust is broken, consumers will become wary of providing their data with the brand in the future.

With the increased adoption of digitalisation, especially during the COVID-19 era, efforts to prevent data breaches should now be integral. As such, the possibility of a data breach must now be part of a standard crisis preparedness and planning conversation. “Protocols to protect and limit the breach, investigation taskforce, activating the crisis management team, as well as communication strategies and holding lines need to be prepared in advance,” she added.

According to Kunalan Chakravarthy, chief executive of Priority Consultants Group,

A data breach can whip up a perfect storm of cascading events with a broken trust being just the tip of the iceberg

Aside from risking the loss of customer confidence and loyalty, a data breach may also lead to a fall in market confidence, resulting in tumbling share prices and difficult questions to answer from investors and analysts.

Weighing in on the conversation, Nadia Chan, general manager, PR Communications, added that brands may also suffer financial losses in terms of compensation to affected customers, heightened security costs, as well as regulatory fines. “Data breaches can also significantly damage brand value and reputation when the incident is covered by news sources and spreads widely on social media,” Chan said.

Align your narrative

Should a breach occur, transparency and speed are key to a brand’s reaction. Tor Das added that the PR professionals involved need to find out as much information such they can such as what types of data have been impacted, and ensure those impacted are contacted swiftly. “It is also up to the brand to assess what would be critical data they need to capture versus other sensitive data they can omit capturing,” she added.

Agreeing with Tor Das, PR Communications’ Chan said when involved in a data breach, brands should firstly have a full grasp of the incident – when and how it happened, what data was compromised – and quickly acknowledge the issue by communicating it to customers. In such cases, putting one’s customers first is vital and practicing clear, transparent and proactive communication with empathy is critical to rebuilding trust among them.

"Brands should always aim to be the first source of information for the public when a breach has occurred. This will allow them to control the narrative around the issue, before news of it spreads quickly on mainstream media or through word of mouth,” Chan said. The information deployed should also be clearly communicated to all internal stakeholders such as employees and investors, with a communication plan in place to ensure consistency, along with regular updates at every stage of response. Brands should also not forget to restore trust with its external stakeholders such as suppliers and partners, and shareholders.

PR teams need to be quick on their feet to sieve through information that is widely available offline and online – whether it’s through media coverage, forums or social media, Chan said. It is vital to stay on top of what is being said about the brand in real time to prevent anything from escalating, and to address areas that are not factually true through a media statement or press release.

The aim here is to diffuse any possible speculation among those affected.

It is also essential to ensure that the communications plan and messaging developed by the PR team stay consistent with all relevant stakeholders, which is vital when communicating with the press during interviews or press conferences and with affected customers.

Jessie Ho, managing director of Ninemer Communications added that PR teams need to understand the context of the data breach, and how it affects the users to respond swiftly and effectively. “More importantly, brands should not shy away from addressing the gaps and putting in place measures to close these loops. They should have the mindset that consumer outreaches after a breach is a way to constantly stay connected with their stakeholders, to improve the system,” Ho also said.

When it comes to addressing the issue, Chakravarthy told MARKETING-INTERACTIVE that it is important to have pre-prepared statements and more importantly, a clear understanding of responsibilities across the team on how to stop the data breach and generally manage the entire data system. These pre-emptive measures should be made public on the company’s website and shared via direct communications with partners and clients.

Additionally, he cautioned that should a breach occur, rather than play the “blame game”, brands need to be transparent and through decisive actions, try to limit the reputational damage. Staff also need to be trained and  briefed on their respective role and responsibilities when it comes to data security and breaches. “Many mistakes are not malicious but just come from a lack of training,” he said, adding that brands should always use communications tools and techniques to keep all the stakeholders updated on the company’s commitment and pre-emptive actions that are in place to protect digital assets.

Not the end of the road if breached

Although data breaches are definitely detrimental to brand trust, PR players are of the view that all is not lost for brands should it occur.

Chan said while many believe companies’ reputations will be severely tarnished by data breaches, sometimes data breaches can actually foster a deeper sense of brand loyalty and stronger customer relationships if brands are able to handle it well.

While the issue has already taken place, what matters is how well one responds to it.

Good practices include showing empathy towards those affected, being proactive and transparent, according to Chan. To reduce the risk of future data breaches, brands should also have additional security measures in place and develop a business continuity plan outlining the various steps for responding and reporting data breaches should it occur again, Chan added.

Holding a similar sentiment, Lewis’ Tor Das is of the view that to regain consumer confidence after the breach, brands need to communicate clearly the measures they have put in place to protect the data, whether that's through website security during a registration process or through proactively lending their voice on the topic in the media space.

Having an optimistic outlook is Ho as well, who said there have been brands which were involved in data breaches and bounced back from the glitches. She added that these brands are usually well prepared, and deliver strong post-breach solutions and communications to assure their stakeholders. Hence, it is crucial to be well prepared because a confusing and evasive post-breach communications efforts can magnify the problem, causing more damage than the breach itself.  

(Photo Courtesy: 123RF)

Join us on week-long journey at PR Asia 2020 as we delve into topics such as diversity, cancel culture, future of PR, PR with a purpose and many others from 8 to 11 December. Sign up here!

Related Articles:
PR lessons from NLB's handling of book with 'dark-skinned' bully with 'oily curls'
Staying relevant: Can PR professionals dodge the axe during a crisis?
Analysis: Will Facebook's numerous PR crises boil over or simmer down?