So you may have heard of The Seven Stages of Grief, which are:
Denial
Anger
Bargaining
Depression
Testing
Acceptance
Healing
We, though, have a (slightly sarcastic 🤣) alternative take on how it applies to far too many Data Breach Disclosures.
OpaCyber's 7 Stages of Breach Disclosure
This is what we see when an organisation tries to wriggle out of a proper disclosure:
Silence - keep quiet and maybe nobody will find out. (They will)
Denial - we can find no evidence of a breach. (People found out)
Admission - we were hit by a sophisticated cyber attack. (It wasn’t sophisticated)
Embellishment - no data was taken. (It was)
Hope - some data was taken but not customer data. (That’s not what we heard)
Evidence - breached customer data included: Full Name; Address; Social Security Numbers; Driver’s Licence Details; Passport Details. (Oops)
Loss of Customer Trust (If only you’d been upfront all along…)
Most people would be far more forgiving of a breach if the disclosure was fast and truthful.
Planning how you go about it is part of having an Incident Response Plan. Let us know if that's something you need help with.