Saturday, September 4, 2021

How To Win Back Customers After You Have Been Hit By A Cyber Attack

There are a lot of Cyber professionals out there trying to calculate what the true cost of a Cyber attack is to a company.  Typically, this includes downtime as well as the time that it takes to recover your mission critical processes.

Most of these variables can be quantified, so in a loose sense they are rather easy to calculate.  But then there is also the other side of this, which are the indirect costs after you have been hit.

Typically, nobody really thinks about these, as all efforts go toward keeping the business from going under.  But they are real, and they need to be taken into consideration just as much as the direct costs.

So, you may be asking what an indirect cost is.  Well, these are the ones that are harder to get solid numbers for and are therefore much more qualitative in nature.  These costs include what it takes to notify key stakeholders, the chance of being named in a lawsuit down the road, the probability of being audited by the regulators who enforce the GDPR or the CCPA, but most importantly, the cost of losing a customer and trying to win them back again.

This all comes down to what is known as brand loss, or damages to your brand image.

This is true no matter what industry you might be in.  If something happens to your business, customers will pretty much swarm to your competition.  It can take months to win a new customer, but just a few seconds to lose one.  And unfortunately in the world of Cybersecurity, once you have been hit, the chances of getting your old customers back are very slim.

It’s not that you don’t have a great product or service, but your customers have entrusted you with the safe handling of their PII datasets.  Now that trust has been violated, so it will be very difficult to rebuild, if at all.  It’s sort of like dating.  If you or your partner have violated the trust between one another, it will be very difficult to build back up again, and thus you may want to start looking for somebody else to date.

But all is not lost, and there are ways to try to win back your old customers in case you have been hit with a security breach.  So here are some remedies that you can try:

*Always be honest:

After you have been impacted, one of the best ways to keep your reputation is to simply be upfront and honest about it.  In other words, transparency will rule in the end.  So for example, the moment you are hit, your PR firm (if you have one) should start making plans as to how they will contact key stakeholders, especially your customers.  They should be notified as quickly as possible, with no delay; keep in mind that notification is often not optional, since breach notification laws such as the GDPR (which gives you 72 hours to notify the supervisory authority) and the US state breach laws set deadlines of their own.  All modes of communication should be used in this regard, which includes phone, Email, Snail Mail, and yes, even Social Media.  But you also have to walk a fine line here, as you do not want to give out too much detail while the investigation is still ongoing.  In particular, do not speculate about the root cause or the scope of the breach before your forensics team has confirmed it, because a statement you have to retract later does more damage than a statement you delayed by a day.  Let your customers know that they come first, and that you are working hard to protect their PII datasets.  Also let them know that you will be offering services, such as credit monitoring and identity theft protection, that will help them if they truly do become a victim.  Yes, it may be embarrassing at first to admit to the public that you have been impacted, but being honest and transparent from the very beginning will pay huge dividends for your business in the end.

*Be proactive:

You always want to be proactive after a security breach, but this will be made a lot easier if you have that proactive mindset from the very beginning.  In other words, you want to have your Incident Response, Disaster Recovery and Business Continuity plans firmly in place, and rehearsed on a regular basis through tabletop exercises, so that the people named in the plan have actually walked through it before the real thing.  That way, if something were to happen, responding to a security breach will be second nature to you and your IT Security team.  By showing this sense of urgency, your customers and even the suppliers you rely upon will see that you are on top of your A game.  Although you may have been impacted, showing this sense of proactiveness will also go a long way in terms of keeping your customers.

*Use what is known:

By this, I mean try to follow a certain kind of Framework when you craft out those plans just described in the last section.  There are many of these available online, and a majority of them come from NIST: the NIST Cybersecurity Framework for the overall program, NIST SP 800-61 (the Computer Security Incident Handling Guide) for the Incident Response plan, and NIST SP 800-34 (the Contingency Planning Guide) for Disaster Recovery and Business Continuity.  They are free to download from the NIST website.  True, these document sets are not the end all or the be all when it comes to fortifying the lines of defense at your company, but they are for sure a good place to start.  And there is yet another bonus to this:  If you tell your customers that you are following a set of best practices and standards that is supported by the Federal Government, this will also help your brand image in the long run.  One caveat: these Frameworks are not certifications, so only claim what you can actually evidence, because an overstated security claim becomes one more exhibit in the lawsuit mentioned earlier.  You may even want to hire a dedicated professional to run this task for you.  For example, you can hire many of them on a contract basis, for a fixed fee which is very affordable.  These individuals are now known as “vDPOs”, or “Virtual Data Protection Officers” (the DPO being the role that the GDPR defines).

My Thoughts On This:

Yes, being hit by a security breach is no fun, and losing customers is even worse.  So, from the standpoint of sales, you always need to keep your pipeline filled with prospects on a continual basis, to the best that you can.  In the end, if you are faithful and honest to your customers, and build a business model around providing great customer service, your most loyal customers will stick with you, through thick and thin.
