Posted on 05.12.2011
Is Data Breach Management the Latest Crisis Communications Trend?
The specifics of an effective crisis communications response vary for different types of organizations, but the importance of developing a crisis communications plan before a crisis occurs is universal.
The recent highly publicized Sony data breach, which may impact as many as 100 million customers, is just the latest reminder of how critical Payment Card Industry Data Security Standard (PCI DSS) compliance is for any organization that handles customer payment card information. It also underscores the importance of preparing to respond to a data breach incident before one occurs.
PCI compliance is required of all organizations (merchants) that accept, transmit, or store cardholder data, and PCI DSS sets out 12 specific requirements to which merchants must adhere. Merchants fall under one of four categories of PCI compliance depending on the number of transactions they process each year and whether those transactions are performed from a physical location or over the Internet.
While PCI compliance itself is not required by law, it is required by the five major credit card companies that make up the Payment Card Industry Security Standards Council – American Express, Discover, JCB, MasterCard and Visa. Any merchant that does not comply with PCI DSS may be subject to fines, card replacement costs and costly forensic audits, not to mention lawsuits and lasting reputational damage, should a breach event occur.
According to a recent report by Symantec Corp. and the Ponemon Institute, there is no sign of data breach costs leveling off, and data breaches grew more costly in 2010 for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million last year, and breaches cost companies an average of $214 per compromised record, markedly higher than the $204 recorded in 2009. The study is based on the experiences of 51 U.S. companies in 15 industry sectors.
The time to develop a crisis communications plan is before a critical event occurs. Are you prepared to protect your organization’s reputation should the unthinkable happen?