Written by Emma Lawton • Published 12th November 2019 • 2 minute read

With just two months to go until a new decade starts, it’s fair to say that the 2010s have been the worst in history for data breaches and hacks. Thanks to the ever-increasing sophistication of hackers and the explosion of personal data collection, companies are now sitting ducks in the digital pond.

Business Insider recently reported that 4 billion records have been stolen in the last decade alone through data breaches. For businesses, not only does this represent a huge risk in terms of regulatory fines and potential loss of revenue, it also poses a serious risk of reputational damage.

From Facebook’s 540 million user profile data left up for grabs on unprotected servers to First American’s exposed 1.885 million financial records earlier in the year, we’ve all seen how damaging these stories have been to the businesses hit. While we can’t help you shore up your digital infrastructure from attack, we can help you mitigate any reputational damage if you do find yourself on the sharp end of a data breach.


As with most things in life, preparation is key. Before you wake up to the nightmare of a data breach, it’s important to have a plan of attack ready in advance. This needs to start with a clear understanding within the company of what the process is for communicating any data breach to customers and suppliers, as well as who and where that message should come from.

As part of this planning process, everything from a dedicated landing page ready to set live to pre-drafted FAQs for customers should be agreed upon and created in advance. Importantly, these protocols and content need to be shared with any partner agencies to ensure there will be one consistent message given to customers and the public should a breach occur.


The need for speed is real during a data breach. Not only are there significant financial penalties should a company not disclose to the ICO that they’ve been breached, but the longer you wait to tell customers their data has been compromised, the more damage you will do to your reputation.

As soon as the appropriate authorities have been informed, messages need to be sent directly to customers who have been affected. Whether through direct email, a statement posted on the website or even a press conference, it’s essential that customers know what has happened and how you are working to mitigate the risk to their data. Transparency is essential here. Dragging your feet to tell customers or being ambiguous about what has happened will not give customers confidence in you as a business.


Once the initial data breach has occurred, don’t go quiet on customers. Providing regular updates, when appropriate, lets customers know you’re still working on mitigating any damage caused and not ignoring what happened. This helps to reduce any reputational damage by showing customers you are being as open and transparent with them as possible, while doing everything possible to solve the issue.

While the first line of defense should always be a strong cyber strategy, in this day and age data breaches cannot always be prevented. However, by following this three-step guide, you can start to mitigate the reputational damage caused by such breaches.

If you’re interested in hearing more about how we can help you, please get in touch.