BSA blog

BSA blog

News and views on topical issues from BSA staff and guests.

Sign up to receive blogs

By subscribing you consent to us sending you blogs

Blog

Guest blog: Rapid response communications in the aftermath of cybercrime

Cybercrime is the second biggest challenge facing the UK financial sector[1]. With a global impact of over $450 billion a year, it is critical that financial organisations are able to respond quickly when events such as security breaches occur. Of significant importance is communicating swiftly with customers, highlighted by recent regulatory reforms, such as MiFID II and GDPR, which require companies to have clear communication strategies in place.

Balancing prevention and response

For many businesses, the emphasis has been on preventing cybercrime, however, organisations should take a more balanced approach by also focusing on reducing the impact of an attack. Indeed, the UK Finance report states that as well as investing more in robust security systems, financial companies should also apply budget to models that are “agile, responsive and focus on protecting customers.”[2]

Key to this is developing a rapid response communications strategy and while this may pose a significant challenge, it is far less inconvenient than formulating one in the immediate aftermath of a data breach. Without forward planning, there’s an increased risk of using ineffective communication methods that confuse customers and require further messages to be sent. Having an effective strategy can reduce costs by thousands of pounds and help mitigate reputational risk.

Systems for rapid response

Available technologies mean that when cyber-attacks occur, financial companies have a number of options for sending time-critical alerts, such as email, SMS messages, printed mail or a combination of these. The crucial factor is choosing the most appropriate channel for the client and this is best done by asking them to nominate their preferred form of message. 

By creating pre-prepared, multi-channel templates that are ready for issue with a tailored message, it means that if an incident happens, the company is in a much stronger position to comply within the 72-hour response deadline.

Multi-channel communications are just part of an effective rapid response strategy. In addition, there is also a need to accurately track progress to ensure every customer has been reached within the given timeframe.

Companies can benefit from working with a rapid response communications specialist that can plan required actions, create templates designed for swift editing and trigger message delivery. In addition, it will track, report and archive as required, reducing the impact on the customer, preserving the company’s integrity and ensuring legal obligations are met.

Communicating with vulnerable customers

Any rapid response framework should also consider how to communicate with vulnerable customers – be that the financial vulnerable, or those with other needs brought on by disability, mental health problems, old age, literacy issues or learning difficulties. Such circumstances may require communications to be available in accessible formats or priority support to be offered in an emergency, such as a data breach.

By using data intelligently, it is possible to identify and support such customers. It is even possible to create a predictive model that can highlight those with difficulties through their data characteristics, so that organisations can approach them with appropriate messages, while at the same time ensuring they are handled sensitively to avoid barriers and denial.

For more information visit: www.paragon-cc.com

Posted by Peter Toole on 21 June 2019