Building long-term resilience


The risks to all types of organisations from cyber-attacks – particularly ransomware – have increased significantly in recent years. In our own research, 100% of business leaders felt they were at risk of a crisis in the next 18 months, and the recent MOVEit vulnerability proves that those fears were well-founded. If customer data is compromised in an attack, you need to act fast to notify those affected and mitigate the financial, operational and reputational impacts.

Understanding the implications of a data breach and its impact on your organisation is an important first step in developing a robust response and recovery plan. This means thinking about how you will notify customers, what you will tell them and how you will resource call centres to manage your response. No organisation is safe from the impacts of a cyber-attack, which means having a well-considered consumer response plan is essential for business continuity and resilience.

How resilient is your consumer response plan?

At Experian, we work closely with risk and resilience teams in large organisations, as well as with operations directors and others responsible for resilience in smaller organisations. Often, we are brought in by legal or insurers to work with resilience teams to build robust data breach response plans. But resilience is about more than simply having a response plan in place. Responses need to be practised and plans need to be stress-tested frequently to ensure they remain up-to-date and relevant to your organisation as it grows or changes.

Your teams need not only to understand the plan, but also to be prepared to enact it rapidly should the worst happen. At least once a year, you should run through a simulated data breach scenario to give everyone an opportunity to put the plan into action. It’s a valuable opportunity to assess your readiness and identify any gaps, so you can modify and constantly update the plan.

You should also review your response plan if there are any significant changes to your organisation, such as an acquisition, winning a major new client or entering a new market. Reassessing the implications of a data breach and updating your response plan are vital in strengthening your resilience to cyber-attacks.

Take the pressure off your post-breach recovery

Managing risk and building resilience is all about doing your critical thinking and decision-making in advance. Pre-planning and scenario testing take the pressure off the post-breach situation, meaning you are simply triggering an agreed and well-rehearsed response process, rather than trying to make critical decisions in the heat of a crisis.

The more you can prepare in advance, the better chance you have of minimising the harm of a data breach. That means developing the messages you would need to communicate to affected parties following a breach, and preparing communications templates for different cohort groups so that everything is ready to deploy when needed.

Plan your resources to minimise risks

You should also think about the resources you will need to respond effectively, including the call centre agents required to handle incoming queries. Most organisations will not have sufficient resources in-house to manage the scale of response required in the event of a data breach. If you need to outsource these resources, your response plan needs to set out how you will access and stand up enough call centre agents at short notice following a crisis.

It is possible to reserve the call centre resources you will need in advance, by paying for a guaranteed reserved response service. This will ensure sufficient trained call centre agents are available when needed in an emergency. But as in all risk planning, there are balances to strike when determining your call centre requirements.

For example, do you want to allocate 500 agents over three days to answer the flood of inbound calls? Or do you assign 80 agents to handle queries over a four-week period? The difference is in the quality of response provided. Having a smaller number of agents over a longer period enables you to provide a better quality of response, since the agents will get to know the scripts and become familiar with your response procedures. If you choose to have a large number of agents for a short time, each call is likely to last longer because agents aren’t so familiar with the scripts. But the sheer number of agents will mean you can handle more calls in a shorter period. It comes down to a choice between speed and quality.

Support for crisis response planning and delivery

At Experian, our crisis and data breach response team has worked with many risk and resilience managers in recent years, helping their organisations develop robust response plans in the face of growing cybersecurity threats. The first task in any organisation is often to raise awareness among decision-makers of the real implications of a data breach. We then help risk managers develop plans that they can take to the board for approval, ensuring they are realistic and appropriate to the needs of the organisation.

We offer different levels of service to suit each organisation. These range from free guides and resources to help organisations prepare for a data breach, through to in-depth consultancy services to develop customised response plans and scenario testing, supported by guaranteed reserve response resources.

How can we help?

If you’re concerned about the impact of a data breach on your organisation, please get in touch with our crisis and data breach response specialists via email to book your consultation or call 0844 4815 888 to talk about the Reserved Response options and consultancy available to you. Alternatively, please visit our website for more information.

Get in touch

Get in touch with our Experian Crisis & Data Breach Response team
