The personal information of nearly half of all American adults was exposed in 2016 through hacks of corporate networks.

Recently, Yahoo disclosed that nearly 500 million of its users had their personal information stolen in a 2014 “state-sponsored” hack, the latest in a string of high-profile data breaches that includes Blue Cross Blue Shield, Target, Dropbox, TalkTalk, and JPMorgan Chase.

Hacking is increasingly becoming a major problem for every business; it threatens intellectual property, adds to technology and operating costs, and negatively impacts a business’s operations and reputation. Without a forward-thinking digital reputation management strategy in place, the digital fallout on reputation can be long-term and have serious consequences for brand equity and valuation.

The Yahoo hack could have major repercussions for its sale to Verizon. After the TalkTalk hack, the ISP reported that it lost 7 percent of its users, and Target’s hack led to more than 90 lawsuits and more that $290 million in breach-related costs.

Every brand should actively manage its online reputation to prevent a crisis from becoming a business-critical event. This begins with company websites, but also extends to corporate-owned thought leadership, social media, third-party profiles, and strategy to promote positive media.

Every company should have a plan in the event of a data breach that covers:

– Hacking scenarios – what types of data could be compromised and who would be affected?
– Disclosure protocols – who needs to be notified and when? Which notifications trigger shareholder disclosure requirements?
– Reporting procedures – do we need to report to law enforcement or insurance carriers? Who do we contact?
– Owning the story – how do we use the corporate website and social media channels to own and manage the conversation?
– Media – who is the main point of contact? how do we balance transparency with operational needs in the middle of a crisis?
– Monitor – what is the tone of media coverage and public reaction?
– Plan – how do we minimize the damage from the breach to our long-term reputation?

While a data breach is not inevitable, it is highly possible, so every company and organization must be prepared and ready. Crisis plans should be updated regularly and practiced.

Please contact Lumentus to discuss how we can help your company develop and execute a breach crisis plan or if you need our help mitigating the damage caused by a previous hack.