
In the information age, people know how valuable their data is. They understand the disruption a cybercriminal can cause in someone’s life with just a few pieces of key personal information.

They do not take it lightly when a business handling their information suffers a data breach. It has been reported that more than 40% of costs associated with data breaches are down to reputational damage. Those affected have trusted you with their data and they feel like that trust has been betrayed.

It is crucial, following a data breach, to communicate properly with your customers, particularly those whose information is involved. In a survey by Experian, 66% of people said they would “stop doing business with a company that had a slow or ineffective response to a data breach”. 45% also said they would encourage their friends and family to do the same.

Getting your communication right has an enormous impact on how willing your customers are to give you a second chance.

Be transparent

It can feel like there is no good way to talk about a data breach. At some point you’ll have to explore mistakes made at your end. That is never easy. But don’t try to hide it from people.

The fact is the truth will find a way out eventually. You’ll look worse if people find out you purposefully kept information from them. When the records of 600,000 Uber users were compromised in 2016, people took offence at the fact that the CEO and CSO at the time paid the hackers $100,000 to hide the breach from regulators and the media. When it did get out, it was more damaging for the company than an honest and straightforward announcement would have been.

Being truthful with people about difficult topics can endear you to them. Customers appreciate when you accept responsibility. They respect honesty.

Be accurate

Make sure you have all the facts before you make any claims about the incident.

If you make a mistake describing what happened in your initial communications, people could misinterpret any retractions you make. They might think you don’t know what you’re doing. Or they might think you’re deliberately obfuscating the situation. Either way, they won’t come out of the exchange believing they can trust you.

Give people the facts you have, clearly, in language that is easy for anyone with limited knowledge of cybersecurity to understand.

Be honest about anything you don’t know. Let people know where the gaps in your knowledge are and what you’re doing to fill them. If you can, offer an estimate of when you’re likely to have updates – but, again, only if you can be confident that your predictions are accurate.

Be specific

It is wise to release a statement to the general public offering an overview of the incident and what you’re doing about it. But you also need to directly contact anyone who has been personally affected by the breach. Here, you need to carefully curate the information you provide to ensure it is clear and relevant.

If you overload people with information they don’t understand, or that doesn’t explain how the situation will impact them, they’re likely to get scared and stressed, which can worsen their opinion of you.

People only really care about their own data. Make sure you know who has been affected and how, and then inform them. Don’t waste people’s time messaging them about their data if they haven’t been affected.

Offer support

If anyone affected by the data breach needs to take action to minimise further risk to their information, help them manage that. Let them know exactly what they need to do next.

This could be as simple as changing a password, or they may need to update their account identification. If the breach is particularly serious, they may need a credit monitoring service while the extent of the damage is established.

Make sure affected customers thoroughly understand how involved they need to be in the next steps. Give them everything they need to move towards a resolution with as little hassle as possible. Extend support centre hours as much as you can. Make it easy for your customers to get hold of you and be prepared to answer any questions they might have about the situation.

How easy you make this process for them will ultimately determine how much they trust you in the future.


Communication often isn’t easy in the chaos following a data breach. But if you can help ease the confusion for your affected customers, you can offer them peace of mind in a situation that could be incredibly stressful. Showing how you are actively working towards a resolution for your customers and involving them throughout the process goes a long way towards rebuilding a sense of trust and maintaining a relationship going forward.

