Loading...

5 Steps to Creating an Effective Crisis Response Notification Plan

Published: April 7, 2022 by Michael Bruemmer

Crises come in many forms, without warning, and can be devastating for any size business. A company’s ability to manage crises, specifically with a crisis response notification plan, directly impacts consumers’ trust and perception of their brand.

In today’s digital world, consumers are more informed than ever before and consumer trust is what keeps businesses afloat. If that trust is broken or their needs are not met, consumers will take their business elsewhere. Companies cannot afford to lose customers.

Research from Frederick Reichheld of Bain & Company, the inventor of the Net Promoter Score, shows that increasing customer retention rates by 5 percent increases profits by 25 percent.[1] When a crisis occurs, 90 percent of consumers are more forgiving of companies that have a response plan in place.[2]Despite that information, 51 percent of companies admit to not having a crisis response notification plan.[3]

While crisis communication can be fairly reactive, it helps to have a crisis communication plan in place to make the process easier. Experian Crisis Response Management features a notification system, call center deployment, and crisis specialists to help companies build trust and confidence knowing that their consumers will be taken care of, which breeds customer loyalty.

Our team of experts can help you develop a crisis response notification plan to reach out to your customers during any type of crisis.

Here are five key steps to developing an effective crisis response notification plan

Step 1: Define Your Objective

Before you begin, you must first set a clear goal for your plan. This objective should include what the plan should accomplish, when the plan should be executed, and who needs access to the information being shared. For example,

“This plan creates a communication structure with external stakeholders in the event of a crisis that affects the reputation of the company.”

Step 2: Create a Contact List

To ensure the crisis is well-managed, it’s important that all stakeholders are kept informed. Create a contact list of all employees, customers, users, partners, investors, media outlets, the government, and social media followers. Determine the best method of contact for each of these stakeholders (i.e., print mail, email, phone call, etc.) and include that in the contact list document.

Step 3: Determine an Information Sharing Structure

Depending on where a crisis originates and the threat level of the crisis, protocols may differ by scenario. To avoid confusion, form a hierarchy outlining how information should be shared within the company.

Your hierarchy may begin with notifying the CEO, followed by the head of public relations or CTO. The plan needs to define what information should immediately be disclosed to each individual or team in the hierarchy, such as the source of the crisis and the protocols in place to handle the situation.

Step 4: Prepare for Possible Questions and Concerns

Customers will want answers and if you are not the one supplying them, they will search elsewhere to uncover the truth. Create a running fact sheet that documents the known information of the situation. This helps to prevent rumors or misinterpretations from spreading to media outlets, keeps all responses in alignment, and makes it easier to field customer questions.

Step 5: Assess Your Risks

Identify the risks you might face under each plan so that, if it does backfire, you’re prepared for any additional losses. By being prepared for this, you’ll be ready for anything that goes wrong with steps to recover faster.

Fulfilling your notifications

Once you have determined who will receive your crisis response notifications, it is time to fulfill your obligations. Ensure every access point is covered by creating a notification system with Experian for direct emails, call center processes, and a landing page users can go to for fast information.

1. Notification Options

Notification requirements vary depending on the crisis at hand and your customers’ preferred method of contact. Some common examples include:

  • Paper mailings
  • Email notification
  • Web announcement
  • Phone calls

You may also consider a multipronged approach, which includes email or paper notifications, supported by a website FAQ and a call center where consumers can get more information.

2. Outbound notification and inbound response management

Experian offers sufficient phone, website, and application capacity to absorb the spikes of crisis volume on top of normal operating volumes. This service includes address validation, delivery that covers 100+ countries, reporting and analytics of the notification channels, and a dedicated account manager that oversees the entire process.

3. Experienced team of agents

Our team of dedicated account managers have serviced over 50,000 incidents, delivered over 30 million print and email notifications each year, and developed a comprehensive range of products for every need. We stay with you as a resource throughout the crisis process and work with you to recover, repair, and protect your business for the future.

No one ever expects a crisis to hit, but when it does, it’s important to have a plan in place. Having a dedicated team who can help you navigate through difficult times is essential to quick recovery. At Experian, we understand the importance of customer trust and we help companies recover from crises quickly. Our team of experts are available to help when you need it most.

____________________________________________

[1]Bain & Company. 2001. Prescription for Cutting Costs.

[2]Experian. 2019. Data Breach Consumer Survey.

[3]Deloitte. 2020. A crisis of confidence.

Related Posts

As data breaches become an ever-growing threat to businesses, the role of employees in maintaining cybersecurity has never been more critical. Did you know that 82% of data breaches involve the human element1 , such as phishing, stolen credentials, or social engineering tactics? These statistics reveal a direct connection between employee identity theft and business vulnerabilities. In this blog, we’ll explore why protecting your employees’ identities is essential to reducing data breach risk, how employee-focused identity protection programs, and specifically employee identity protection, improve both cybersecurity and employee engagement, and how businesses can implement comprehensive solutions to safeguard sensitive data and enhance overall workforce well-being. The Rising Challenge: Data Breaches and Employee Identity Theft The past few years have seen an exponential rise in data breaches. According to the Identity Theft Resource Center, there were 1,571 data compromises in the first half of 2024, impacting more than 1.1 billion individuals – a 490% increase year over year2. A staggering proportion of these breaches originated from compromised employee credentials or phishing attacks. Explore Experian's Employee Benefits Solutions The Link Between Employee Identity Theft and Cybersecurity Risks Phishing and Social EngineeringPhishing attacks remain one of the top strategies used by cybercriminals. These attacks often target employees by exploiting personal information stolen through identity theft. For example, a cybercriminal who gains access to an employee's compromised email or social accounts can use this information to craft realistic phishing messages, tricking them into divulging sensitive company credentials. Compromised Credentials as Entry PointsCompromised employee credentials were responsible for 16% of breaches and were the costliest attack vector, averaging $4.5 million per breach3. When an employee’s identity is stolen, it can give hackers a direct line to your company’s network, jeopardizing sensitive data and infrastructure. The Cost of DowntimeBeyond the financial impact, data breaches disrupt operations, erode customer trust, and harm your brand. For businesses, the average downtime from a breach can last several weeks – time that could otherwise be spent growing revenue and serving clients. Why Businesses Need to Prioritize Employee Identity Protection Protecting employee identities isn’t just a personal benefit – it’s a strategic business decision. Here are three reasons why identity protection for employees is essential to your cybersecurity strategy: 1. Mitigate Human Risk in Cybersecurity Employee mistakes, often resulting from phishing scams or misuse of credentials, are a leading cause of breaches. By equipping employees with identity protection services, businesses can significantly reduce the likelihood of stolen information being exploited by fraudsters and cybercriminals. 2. Boost Employee Engagement and Financial Wellness Providing identity protection as part of an employee benefits package signals that you value your workforce’s security and well-being. Beyond cybersecurity, offering such protections can enhance employee loyalty, reduce stress, and improve productivity. Employers who pair identity protection with financial wellness tools can empower employees to monitor their credit, secure their finances, and protect against fraud, all of which contribute to a more engaged workforce. 3. Enhance Your Brand Reputation A company’s cybersecurity practices are increasingly scrutinized by customers, stakeholders, and regulators. When you demonstrate that you prioritize not just protecting your business, but also safeguarding your employees’ identities, you position your brand as a leader in security and trustworthiness. Practical Strategies to Protect Employee Identities and Reduce Data Breach Risk How can businesses take actionable steps to mitigate risks and protect their employees? Here are some best practices: Offer Comprehensive Identity Protection Solutions A robust identity protection program should include: Real-time monitoring for identity theft Alerts for suspicious activity on personal accounts Data and device protection to protect personal information and devices from identity theft, hacking and other online threats Fraud resolution services for affected employees Credit monitoring and financial wellness tools Leading providers like Experian offer customizable employee benefits packages that provide proactive identity protection, empowering employees to detect and resolve potential risks before they escalate. Invest in Employee Education and Training Cybersecurity is only as strong as your least-informed employee. Provide regular training sessions and provide resources to help employees recognize phishing scams, understand the importance of password hygiene, and learn how to avoid oversharing personal data online. Implement Multi-Factor Authentication (MFA) MFA adds an extra layer of security, requiring employees to verify their identity using multiple credentials before accessing sensitive systems. This can drastically reduce the risk of compromised credentials being misused. Partner with a Trusted Identity Protection Provider Experian’s suite of employee benefits solutions combines identity protection with financial wellness tools, helping your employees stay secure while also boosting their financial confidence. Only Experian can offer these integrated solutions with unparalleled expertise in both identity protection and credit monitoring. Conclusion: Identity Protection is the Cornerstone of Cybersecurity The rising tide of data breaches means that businesses can no longer afford to overlook the role of employee identity in cybersecurity. By prioritizing identity protection for employees, organizations can reduce the risk of costly breaches and also create a safer, more engaged, and financially secure workforce. Ready to protect your employees and your business? Take the next step toward safeguarding your company’s future. Learn more about Experian’s employee benefits solutions to see how identity protection and financial wellness tools can transform your workplace security and employee engagement. Learn more 1 2024 Experian Data Breach Response Guide 2 Identity Theft Resource Center. H1 2024 Data Breach Analysis 3 2023 IBM Cost of a Data Breach Report

Published: January 28, 2025 by Stefani Wendel

  With cyber threats intensifying and data breaches rising, understanding how to respond to incidents is more important than ever. In this interview, Michael Bruemmer, Head of Global Data Breach Resolution at Experian, is joined by Matthew Meade, Chair of the Cybersecurity, Data Protection & Privacy Group at Eckert Seamans, to discuss the realities of data breach response. Their session, “Cyber Incident Response: A View from the Trenches,” brings insights from the field and offers a preview of Experian's 2025 Data Breach Industry Forecast, including the role of generative artificial intelligence (AI) in data breaches. From the surge in business email compromises (BEC) to the relentless threat of ransomware, Bruemmer and Meade dive into key issues facing organizations big and small today. Drawing from Experian's experience handling nearly 5,000 breaches this year, Bruemmer sheds light on effective response practices and reveals common pitfalls. Meade, who served as editor-in-chief for the Sedona Conference’s new Model Data Breach Notification Law, explains the implications of these regulatory updates for organizations and highlights how standardized notification practices can improve outcomes. Bruemmer and Meade’s insights offer a proactive guide to tackling tomorrow’s cyber threats, making it a must-listen for anyone aiming to stay one step ahead. Listen to the full interview for a valuable look at both the current landscape and what's next.  Click here for more insight into safeguarding your organization from emerging cyber threats.  

Published: November 20, 2024 by Julie Lee

Review of Findings & Front-line Insights Panel Participants: Richard Goldberg (Moderator) – Constangy, Brooks, Smith & Prophete, LLP Michael Bruemmer – Experian Sean Renshw – RSM US, LLP Mark Greisiger – NetDiligence About NetDiligence Cyber Claims Study It is NetDiligence’s 13th year of doing this Cyber Claims Study. A total of 9,028 claims were analyzed during the past five years 2018-2022.An observation from the over 9,000 Cyber Claims (5000 of which are brand new claims this past year in 2023) analyzed is while many of the categories over the last five years have remained the same, the data has changed, sometimes dramatically. About Experian We provide call center coverage, notification coverage, as well as, identity theft protection, and all the consumer resolutions that go along with it for about 5000 data breaches every year, and I was delighted to be on the panel. Key Insights Experian has proudly sponsored the annual NetDiligence Cyber Claims Study for three years. During this time, I’ve witnessed companies adapt and transform their operations to confront the growing tide of cyber threats. The evolution of their infrastructure to anticipate and respond to these challenges has been remarkable and necessary. However, despite my front-row seat in this fast-changing landscape, the results of each study never fail to surprise and intrigue me. The insights from the latest study, conducted in 2023, continue to shape our understanding of the evolving cyber landscape. Ransomware’s Dominance Mark kicked off the discussion by shedding light on the escalating costs associated with cyber incidents. In 2022, the average incident cost for SME organizations remained stable at $169,000 (similar to the combined five-year window from 2018 to 2022 at about 175,000). However, there was a substantial increase for large companies, reaching $20.3 million in 2022 (and if you look at the five-year average, it was about 13 million). This surge raised eyebrows and set the stage for a deep dive into ransomware, a leading cause of concern. Examining Ransomware Trends The conversation swiftly shifted to ransomware, a pervasive threat in the cyber insurance landscape. As I stated, at Experian we see a correlation between the rise in ransomware and third-party breaches. Most of the industry experts on the panel participate in a Ransomware Advisory Group together. Mark brought up a good insight from our advisory group on the brazen tactics employed by threat actors lately, showcasing their intimate knowledge of the cyber insurance world. Business Sectors Under Siege Richard and Sean added to the discussion the top ten business sectors affected by ransomware, with professional services leading the pack. The impact on technology, with a payout of $830,000, stood out as well. Beyond Ransomware The conversation broadened to encompass other types of losses, such as social engineering and business email compromise. The focus on business interruption emerged as a key concern for cyber insurance claims, with the industry grappling with criminal acts versus non-criminal acts. Looking Ahead As the discussion unfolded, industry experts, including myself, expressed eagerness to anticipate the future cyber landscape. Predictions range from the industry mutating to the emergence of new players in the nation-state game. The role of artificial intelligence and innovative solutions from new vendors becomes a focal point of interest. In conclusion, the NetDiligence Cyber Claims Study 2023 Report paints a vivid picture of the challenges and transformations within the cyber insurance domain. The increasing sophistication of threat actors, coupled with evolving business strategies, sets the stage for continuous adaptation and innovation in the fight against cyber threats. As we look ahead, the resilience of businesses and the collaboration between industry stakeholders will play a pivotal role in shaping the cybersecurity landscape. I invite you to access the report and view the discussion replay for a deeper understanding of the challenges and transformations within the cyber insurance claims domain. Get NetDiligece Cyber Claims Study resources on-demand now! Download the report Watch the webinar NetDiligence’s latest Cyber Claims Study and Webinar, sponsored by Experian Data Breach, is available on-demand. This report serves as a resounding call to action, prompting businesses to ready themselves against cyber threats. Dive in to get insights and stay one step ahead of cyber adversaries.

Published: February 12, 2024 by Michael Bruemmer