Introduction

Cybersecurity is no longer just an IT issue; it directly impacts customer trust and loyalty. Customers expect their data to be secure and any breach can lead to a significant loss of customer confidence that impacts a company’s reputation and profitability. The increasing importance of regulatory compliance and legal obligations (1) mean that governments and regulatory bodies worldwide are implementing stricter data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union (EU) and the Privacy Act in Australia. These regulations require companies to adopt specific cybersecurity measures and to report data breaches promptly to maintain compliance.

More Than The Basics

Beyond reporting for compliance needs, business leaders must also do their due diligence to inform customers of any breaches in a timely manner as well as pinpoint the specific customer records breached. Finding a comfortable middle ground between compliance with data protection laws and a commitment to customer welfare is critical. One of the most effective ways to achieve this is by adopting a customer-centric cybersecurity incident response strategy that prioritises the protection of, and trust in customer data, according to Logicalis Australia.

Implementing a comprehensive customer-centric cyber breach response is more complex than many organisational leaders realise. A best-practice customer-centric response ensures that organisations maintain compliance with all regulations and are also proactive in building and maintaining trust through transparently demonstrating the safeguards applied to customer data and privacy. It should also develop response playbooks from the customer perspective; that is, beyond how the impacted organisation itself can recover and how can the organisation help their customers mitigate future risk arising from the breach of their information or services.

The Crown Jewels

The most impactful breached data typically resides in databases that may contain a mix of sensitive personally identifiable information (PII), financial data, loyalty rewards, healthcare information, social media accounts, usernames, and even passwords. That is a lot of information and requires specialist skills and experience to identify the breached information. Response teams do not want to make assumptions, which can worry customers and cause major brand reputational damage. However, failing to inform customers and industry bodies accurately and efficiently can do more harm than good. As much as there should be a focus on the appropriateness and speed of response and notifications, businesses should also prepare themselves for a long game. Medibank managed its breach relatively well 18 months ago. However, the attribution to an attacker has only recently occurred (2). The resulting sanctions against that individual would limit response actions available to both Medibank and their customers in relation to any future abuse of the breached data by the sanctioned individual.

Using advanced investigation methods like database forensics can help organisations pinpoint breaches to specific customer records. This lets skilled response teams qualify and precisely scope breaches, limit the impact of a breach, and provide accurate messaging and advice to customers. In some cases, database forensics will even prove that PII governed by notification requirements was not accessed, which would release organisations from having to disclose the incident publicly.

The speed at which a business can notify customers about a breach and accurately identify the affected data depends on the organisation’s supporting security infrastructure and its capability to pinpoint unauthorised activity, as well as the availability of scalable qualified human resources to execute the appropriate response. In practical terms, this requires a skilled and scalable team that is guaranteed to mobilise immediately when a breach occurs to provide adequate customer support, and the processes, tools, and systems to manage the customers and their needs in the days and weeks following the breach. More importantly, notifying without the proper details will likely force an organisation to issue further notifications as the incident details become known, keeping its name in the news for all the wrong reasons and frustrating clients even further. The speed and quality of response is ultimately influenced by firstly, a current and comprehensive understanding of the subject infrastructure and business systems but also organisation’s ability to investigate forensic data efficiently and effectively.

However, only some businesses have the requisite resources, infrastructure, and specialist knowledge to deal with the repercussions of a successful cyberattack on their own.

According To The Plan

Successful customer-centric response plans understand the volume of trained resources required to be in place to enable an organisation’s at-risk customers to be notified, to address these customers’ questions and concerns, and to remediate any suspected fraudulent or unauthorised activity. Even the most effective breach response plan will fail to meet the speed-of-notification race without adequate tested capacity and the supporting infrastructure to execute it.

Working with a trusted third-party provider, such as a dedicated managed services provider (MSP), can help to bridge this gap and ensure every business has access to a scalable, experienced cybersecurity support team when needed. Working with an MSP ensures continuous monitoring and management of security infrastructure. It also offers access to the latest cybersecurity technologies and practices. Taking this approach ensures that businesses can enhance their customer-centric offering with a scalable support network. Ultimately, it lets the business focus on customer support and communication, while experienced cybersecurity specialists manage the rest.

(1) https://www.ag.gov.au/rights-and-protections/privacy

(2) Cyber sanction in response to Medibank Private cyber attack | Defence Ministers