Firms mismanaging cyberattacks risk failing their customers and losing trust

The latest customer data breaches have exposed brand inadequacies in understanding how to deal with cyberattacks and the required levels of customer engagement and communication to support clients through the crisis. If you make a hack job of a hack job you risk destroying any sense of customer loyalty, trust and confidence in the brand.

What do customers expect from brands?

While most people expect to be hacked at some point in their life but hope they won’t be, they at least expect affected brands to respond by managing the customer experience in a timely, diligent, thorough and professional way. Cyberattacks are on the rise with thousands occurring every year. Optus might be top of mind for many people right now, but it was the 51st company to experience a major data breach in Australia in 2022.

While firms can be ever vigilant to secure their data, they cannot guarantee a data breach will never happen. If the Department of Defence and the Australian Federal Police can be hacked, we should all be careful of throwing stones. There have already been another six major data breaches since the Optus hack and no doubt more to come before the end of the year.

When people see that a data breach has occurred, they immediately look to the company and its response to gauge how well prepared it was for the devastating cyberattack. Responding in a time of need is a true test of a company’s character and capability.

If the response is deemed not good enough and receives strong criticism from media, government, or customers, it generates a second wave of negativity that can be even more destructive to the company’s reputation than the data breach itself.

A survey of people impacted by the Optus cyberattack shows many believe Optus managed the issue and its communication with them poorly.  Respondents who also state that they intend to leave Optus, say they would have considered staying with Optus as a customer if the business responded to the data breach in a more transparent and effective manner.

How can brands keep the trust of the customers?

Times of crisis are the times for brands to shine. It is possible for brands to retain customers and even grow brand trust in the face of a hacking crisis provided two things are made clear.

  1. The business is not negligent in the protection of customer data
  2. The business acts swiftly and implements a crisis management plan that centres on open, honest, timely clear communication and decisive action.

Fifth Dimension’s trust model centres on the premise that trust in brands has its foundations laid in two traits – the capability of the brand to do what it promises and the character of the brand to operate in an ethical manner. Fail on both trust traits and you risk losing a client you have let down for life and weakening your brand due to the legacy of a poor reputation.

Brand capability expands beyond products, services and price to the governance of the organisation. Good governance is dependent on how well the company is managed. This includes operational effectiveness and management of data privacy and security.

While brand character extends beyond being honest and ethical to authentically driving an agenda of benevolence that achieves better outcomes for clients and the wide community, it must be built on strong and effective direct communications with all stakeholders.

As the hacking contagion sweeps through more businesses exposing brands and their clients to the murky underworld and dangers of the dark web, the failure of executives to respond appropriately is being laid bare. The latest victim, Medibank, is testament to the need for brands to step up and start dealing with the hacks in a capable, customer-centric and rigorous way to overtly maintain customer confidence and reduce real and perceived risk.

If breached, how can brands best manage the situation?

If you hold personal information on your clients you should have a comprehensive data breach response plan ready to go that includes not only the steps you need to take to secure your systems but a communications strategy for clients that can be triggered and executed at a moment’s notice. Here are key customer experience considerations for brands. 

  • Notify your customers of the breach before the mass media
  • Outline the actions you have taken to secure your systems and the impacts this has on normal day-to-day operations
  • Clearly communicate all contact channels for customers to ask questions or to find out more detail.  Have staff trained on what advice to give and how to show the appropriate empathy towards customers and build reassurance
  • Have ready steps for customers to take if personal information has been breached – even if it has not been confirmed which customers have been affected and to what degree.  Do not make nervous customers wait for confirmation to assist them proactively
  • Do not continue with regular marketing activities as this shows a lack of respect and empathy for customers
  • Keep the dialog with customers and the broader market open and ongoing

Critically, get on the front foot and don’t leave your customers or the market wondering about what you are doing to analyse and rectify the situation. The company that is well prepared with a considered and detailed response will gain respect from its customers.

Think of a cyberattack as the latest customer journey brands need to map and design a customer experience for. It is a major moment that matters – how will your brand perform? Based on recent events, the bar has not been set very high.

Lyndall Spooner is the founder and CEO of Fifth Dimension Consulting.

Lyndall Spooner, Chief Executive Officer, Fifth Dimension Consulting