• admin
  • Crisis Management
  • No Comments

Some Crimes are seen as Victimless, but Hacking is unusual in being a crime where the Victim actually gets the Blame

The Federation Against Copyright Theft (FACT) has fought a uphill battle for decades to convince consumers that video or music privacy isn’t a victimless crime. Even those of us who understand exactly what they mean, aren’t always quick to condemn the pirates (on whatever scale they act).

There is however one crime that is one the rise, where the victim is usually the one blamed (rather than the criminals), where the costs to the victim can be monumental and where the impact on the victim’s brand can be disastrous – it is hacking.

To make matters worse the tried and tested crisis management techniques used in all other crisis, which focus on containment, simply won’t work with a hacking incident or data breach. This is because the new data privacy regulations (GDPR) mandate prompt and wide disclosure.

Let’s consider just how different a hacking incident or data breach is from a more physical crisis:

  Physical Crisis

Bank Robbery

Physical Crisis

Fire caused by staff

Digital Crisis

Hack & Data Breach

Incident
Criminality Criminal action by a third party Possibly criminal or negligent action by members of staff Criminal action by a third party
Responsibility We did all we could to ensure physical security but nothing is ever 100% secure We did all we could with recruitment and training to prevent such actions, but it can still happen We did all we could to ensure data security but nothing is ever 100% secure
Response
Containment The bank robbers won’t be publicising their actions and police will focus on investigation, so containing the issue is entirely possible If there is likely to be criminal prosecution, then there is a limit to what detail can be shared publicly – so containment is likely There is a mandatory obligation to inform the regulators and impacted customers within 3 days. Containment is impossible
Blame The media and public opinion are likely to focus on the bank robbers as the villains and have sympathy for the bank and its staff The media and public opinion are likely to focus on the actions of the employee and have some sympathy for the company impacted The identity of the hackers is unlikely to be known. The media and public opinion will put the blame on the victim instead – your company

 

Whether or not a physical crisis results from the criminal actions of your own staff or of a third party, containment is typically a possibility and as the victim you are unlikely to be the main focus of blame. There are also very few incidents that will have an impact on consumer trust in your brand. People won’t stop using a particular bank if one of its branches gets robbed. The bank’s insurance premium may rise and this may be passed indirectly on to its customers, but they experience no personal impact or emotional connection here.

Conversely with a digital crisis, containment is typically impossible (due to the mandatory disclosure obligations). And even if you took all feasible measures to prevent the breach, you will still be seen as having failed to protect your data and will therefore be the main focus for any blame. Also as the party being blamed, your credibility will be at an all-time low, and your ability to counter the inevitable hysteria and misinformation that will follow any breach, will be minimal. Whether all your customers are directly impacted or just a subset, and whether or not this leads to direct financial loss, all you’re your customers will feel an emotional connection and may reconsider trusting you with their data any further in future. There will consequently be an immediate and a long-term impact in the level of consumer trust in your brand. Much of the brand damage may well even be caused by any hysteria and misinformation that your failed to counter as the story exploded.

This may all sound unfair. It probably is. You just need to be ready to deal with it.

Important points to understand:

  1. Don’t expect traditional crisis management techniques like containment to work
  2. Don’t expect the media and public opinion to have any sympathy for you as the victim
  3. If you can’t contain a situation and can’t expect any sympathy then prepare for the worst
  4. An inevitable level of hysteria and misinformation will accentuate the brand damage
  5. Being publicly blamed for a data breach will have long term impact on trust in your brand

You need to adopt a different approach, We can help!

Author: admin

Leave a Reply