How can data controllers protect their customers’ reputation as well as their own?


In this blog in our series on post-breach responses to ransomware attacks, I’d like to focus on data controllers. These are the custodians of the data belonging to their customers, service users, staff and other consumers.

Data controllers have a direct relationship with these end users, and have control over how data is used and processed. In the event of data theft resulting from a ransomware attack, it is usually the data controllers whose reputation is at stake.

It’s essential that they act fast and decisively to protect consumers, minimise financial losses and preserve their reputation.


Growing threats to data custodians

At Experian, our crisis and data breach response team has worked with many data controllers over the past year in the face of an explosion in ransomware incidents worldwide. Many data controllers are well-known brands and trusted organisations with thousands or even millions of customers or service users. Managing a crisis-response and communications campaign for such a huge number of people is a major undertaking.

Not only do customers need to be informed, but data controllers also need to provide support services and query handling mechanisms to guide customers through the resolution process. Specialist crisis-response organisations, like Experian, can provide valuable expertise, advice and resources – such as consumer notification and call centre support – to guide organisations through the post-breach response process. But the sheer scale of ransomware threats today, and their continuing expansion, means that global crisis-response resources are being stretched to the limit.

Why are ransomware attacks increasing?

There is no sign of a let-up in the volume and frequency of ransomware attacks. And while companies spend millions on cyber defences, access via phishing attacks or through the company supply chain continues to give criminals the opportunity to deploy ransomware. No matter how robust an organisation’s cybersecurity defences, if an employee inadvertently opens a link in a phishing email, they can let a fraudster straight in.

Ransomware is a lucrative model. We have seen ransomware firms grow and prosper as ransoms continue to be paid and there is a constant flow of new customers for them to engage with. In fact, malware programs are widely available on the black market, making it easy for criminals to access the tools they need to commit data theft and hold organisations to ransom. In addition, artificial intelligence (AI) has the potential to write new strains of advanced malware in seconds. That means criminals no longer need specialist IT skills or experience to access and deploy malicious data theft tools.

The wealth of opportunities for cybercriminals is so great that ransomware firms have even begun outsourcing some of their work to freelance fraudsters. All of which means the risks from ransomware worldwide are growing. Research we conducted in December 2021 found that 82% of large organisations and 71% of medium-sized businesses had already experienced a ransomware attack.

Data breaches demand rapid response

When a data controller is hit by a ransomware attack, they know about it very quickly. That’s because criminals want the organisation to know. The criminal will inform the organisation that they have copied everything on its hard drive or network and will begin to release information if the victim does not pay a ransom by a given deadline. That means data controllers are already on the back foot as soon as they learn about the incident.

As I’ve explained, preventing ransomware attacks is difficult. That’s why data controllers need to focus on how they will respond if they become a victim. Speed is of the essence to minimise the financial and reputational damage caused, and maintain the trust of your customers. Responding to an attack means communicating rapidly with all of those affected, and providing the contact centre resources necessary to handle queries and guide customers through the crisis.

If you suddenly need a 200-agent call centre to look after your affected customers, those resources are unlikely to be readily available unless you have prepared them in advance. You also need to develop communications templates, draft your messages and allocate roles and responsibilities, so people and resources are ready to respond if your systems are attacked.

Global crisis-response resources under strain

At Experian, the biggest change we have noticed in the past year is that the scale of ransomware attacks has stretched global crisis-response capabilities to their limits. With ransomware threats growing, those limited resources may not be able to deal with the scale of responses required in future. Given the circumstances, it may be wise for data controllers to pre-book the resources they might need in the year ahead, to ensure they can respond effectively and efficiently to any major incident.

To address this issue, Experian has a range of crisis-response services, including our reserved response service. This enables organisations to reserve in advance the resources they would need – such as contact centre agents – to respond to a ransomware attack. Data controllers choosing the service will be guided through a consultancy process to plan detailed responses to different scenarios and allocate the necessary resources to respond appropriately in a crisis.

I’ll be focusing on pre-breach preparation and planning in my next series of blogs.

How can we help?

If you are a data controller and want to learn more about responding effectively to ransomware attacks and protecting your reputation, please visit our website or contact the Experian Crisis & Data Breach Response team on 0844 4815 888 or via email.
