EXECUTIVE SUMMARY:

In the past year we’ve seen major businesses slammed by cyberattacks, resulting in real repercussions. With each incident, patterns seem to surface: blind trust in third-party vendors’ security; insufficient attention to early-warning signs; lack of multi-factor authentication; failure to patch known flaws. The way leaders respond to incidents reveals yet another set of patterns, and those responses can amplify an already bad situation.

The mistakes repeated by executives following a data breach are avoidable, according to Bill Bourdon in his article in Harvard Business Review. Below is a quick recap of what Bourdon outlines as the key lessons to absorb.

  1. Foot dragging: “The longer companies wait to notify their customers, the greater the chance criminals will be able to use stolen data.”
  2. Poor customer service: Referring to the Yahoo and Equifax breaches, Bourdon says, “Top corporate officers need to make sure their gestures of goodwill align with the severity of the breach, even if they are expensive to implement.”
  3. Not being transparent: “By issuing confusing and incorrect information about a breach, executives prevent customers from taking actions they need to protect themselves.”
  4. Failing to accept accountability: “A massive breach is not an individual error or a technology failure — it’s an organizational breakdown that is the responsibility of the top executive.”

Read the full story at Harvard Business Review.