top of page
  • OpaCyber

The Seven Stages of Data Breach Disclosure

So you may have heard of The Seven Stages of Grief which are:

  1. Denial

  2. Anger

  3. Bargaining

  4. Depression

  5. Testing

  6. Acceptance

  7. Healing

We, though, have a (slightly sarcastic 🤣) alternative take on how it applies to far too many Data Breach Disclosures

OpaCyber's 7 Stages of Breach Disclosure

This is what we see when an organisation tries to wriggle out of a proper disclosure:

  1. Silence - keep quiet and maybe nobody will find out. (They will)

  2. Denial - we can find no evidence of a breach. (People found out)

  3. Admission - we were hit by a sophisticated cyber attack. (It wasn’t sophisticated)

  4. Embellishment - no data was taken. (It was)

  5. Hope - some data was taken but not customer data. (That’s not what we heard)

  6. Evidence - breached customer data included: Full Name; Address; Social Security Numbers; Driver’s Licence Details; Passport Details. (Oops)

  7. Loss of Customer Trust (If only you’d been upfront all along…)

Most people would be far more forgiving of a breach if the disclosure was fast and truthful

Planning how you go about it is part of having an Incident Response Plan. Let us know if that's something you need help with


Commenting has been turned off.
bottom of page