The financial and operational implications of a cybersecurity attack can shatter an organization. In 2023, the global average cost of a data breach soared to $4.45 million. This is a detrimental figure for small and midsize businesses (SMBs) that may lack the resources and expertise to effectively respond to breaches.
Beyond the immediate costs and disruption to critical operations, data breaches damage customer and stakeholder trust, threatening an organization’s reputation. Clear, prompt communication is key to mitigating these risks. That’s why MSPs must assist their SMB clients in developing robust crisis communications plans to swiftly rebuild trust and ensure regulatory compliance in the aftermath of a data breach.
Pre-breach Preparation
Why do SMBs need cybersecurity communications plans? Well, 43% of cyberattacks today target SMBs. And last year, more than three-quarters of customer incident response cases managed by Sophos’ X-Ops Incident Response service involved small businesses.
Maintaining a strong security posture reduces the likelihood of an attack, but cybercriminals will find new ways to circumvent defenses. This reality underscores the need to help your SMB clients prepare for breaches and the aftereffects.
Without a comprehensive crisis communication plan, a client may not know who to contact about a breach or the level of detail to include in their messaging — often resulting in delayed response times and diminished stakeholder trust. However, a swift and transparent cybersecurity response can mitigate reputational damage. It would help your clients maintain control over the narrative and avoid the spread of misinformation.
To ensure an SMB’s incident preparedness, start by asking about their incident response plan. Does it include a crisis communications plan with specific steps for responding to a breach? When did you last update the plan to reflect evolving cyberthreats? To help you create or update the plan, ask clients to assemble an internal, cross-functional team — ideally including IT, legal, and public relations or communications professionals.
Also, designate a spokesperson to ensure consistent messaging to stakeholders and the public. This individual should be a senior-level executive, like a CISO or head of communications, who is familiar with the organization’s operations and can communicate effectively under pressure.
Encourage clients to maintain multiple copies of the cybersecurity communications plan, including physical copies and versions stored in secure cloud solutions. By doing this, the company can access all important details even if certain systems are compromised in a breach.
Post-breach Response
An effective plan outlines specific actions to take following a breach. Escalation processes and messaging needs may vary, so tailor each plan to the client’s specific needs and risks. In nearly all cases, these are the critical communications you and your clients must prioritize in the immediate aftermath of a data breach:
- Inform law enforcement. Your client’s designated spokesperson should immediately notify the local police department for proper documentation and initial investigation. Make sure your communications plan includes the department’s contact information. Local authorities may redirect your client to federal authorities if necessary. Prompt communication with law enforcement ensures that public statements don’t interfere with the ongoing investigation.
- Consult with experts. Almost every state has its own laws regarding data breach notifications. Help clients understand their local and state laws, and incorporate them into their communications plans. Clients may also need to consult with legal counsel. For example, there are specific rules about breach reporting for incidents involving healthcare patient data.
- Release a statement. Timeliness is crucial for controlling the narrative and managing public perception. Consider creating a template that empowers clients to quickly craft a statement following an incident. Also, clearly communicate how the breach occurred, which data was affected, and the steps being taken to address it — and prevent future breaches.
- Communicate with key stakeholders. Help clients identify stakeholders who may be affected by a breach. Those can include vendors, key customers or investors. Include stakeholders’ contact details in the plan for fast communication and account for worst-case scenarios. For example, if a client’s systems are down and they can’t reach investors via email, plan for alternative contact methods like secure messaging apps to preserve communication during a crisis.
- Notify impacted individuals. Be transparent, empathetic, and timely while communicating with individuals whose personal data was affected. In this case, creating templates can help resource-strapped clients respond quickly. In these messages, explicitly state how the breach occurred, what information was stolen, and actions being taken to remedy the situation. Even with limited resources, SMBs can support impacted individuals by providing clear instructions on how to protect themselves and maintaining open lines of communication for any questions or concerns.
Swift and Effective Crisis Response
Creating a cybersecurity communication plan is crucial, but it’s only the first step in preparing your clients for a breach. It’s just as important that they can execute their plan smoothly during an incident when pressure is high.
By regularly testing the plan through simulations and drills, and adjusting it to reflect gaps and evolving threats, your SMB clients will be ready to act swiftly in the face of a data breach — regardless of headcount or resource availability.
Scott Barlow is vice president, Global MSP & Cloud Alliances for Sophos.
Image: DALL-E