Q

How to talk to executives after a data breach

In the wake of a data breach, how do you know when to talk to executives, and, more importantly, what to say? In this expert response, learn how to talk to executives after a data breach.

What are some best practices for communicating with executives during and after a data breach? How often should they be briefed, and is there any specific information you'd suggest leaving out or being sure to include?

The short answer is: It depends. The long answer is: When you communicate and how often you communicate will be

different for each organization. This sort of communication process should be built in to your organization's business continuity/disaster recovery/incident response (BC/DR/IR) process. A data breach is no different from any other incident that may require executive notification. Timing will depend heavily on the size of the breach, when it was discovered, whether it's hit the media and any number of other particular business concerns.

If this sort of communication plan isn't already part of a larger BC/DR/IR program, sit down with the enterprise's legal team and HR department (at bare minimum) as well as with the CIO and corporate communications team to assemble a basic plan. The other members of the team will have had past experience communicating similar issues to the C-suite and should have great feedback on when and how to notify them. Once you have a rough plan that everyone is happy with, you or another member of the team can present this plan to the rest of the C-suite for their feedback. At this time, you'll get a much better feeling from the executives about when they want to be notified and how much detail they want. This will probably take a few iterations to get right. And don't be surprised when you have to make changes to the process after the first incident.

For more information:

  • Also, learn how to get information security buy-in from the executive team.
  • Security breach planning and preparation are essential. Read more about them.
  • This was first published in September 2009

    Dig deeper on Business Management: Security Support and Executive Communications

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close