Over on CSO, Bill Brenner writes:
No matter how rigorous the audit, chances remain high that a company will still suffer a security breach. The bad guys are always at work and it’s hard to keep up with them.
If and when that kind of failure happens, the key to bigger failure or success is in how the organization responds.
Sweep everything under the rug and hope nobody ever finds out and you set yourself up for bigger failures companies don’t bounce back from.
Own the failure up front, offer the customer a genuine apology that includes some form of compensation and clearly demonstrate the things you’re doing to harden security and you will look ten times bigger than you did before.
A pipe dream, you say?
I don’t think so.
Just a little something to think about as we start the day
Of course, it would be easier to convince companies of this if we could actually point to clear examples of big breaches where companies disclosed fully, did the right thing, and bounced back or actually improved customer or patient trust. What examples would you cite in support of his argument?