How to rebuild trust after a cybersecurity breach

The last several years have fundamentally changed the way we live and work. The shift to remote and hybrid work has produced significant disruption, which in turn has led to technology innovation. This enabled people to connect to their workplaces and stay productive from outside the traditional security perimeter through new platform tools, workforce collaboration solutions, internal messaging integrations, remote training and more.

At the height of this innovation, however, collective trust in institutions experienced decline. In 2019, approximately 64% of respondents indicated a degree of trust in big business, according to Gallup. By 2023, that had declined by eight percentage points, while the share of people expressing very little or no trust at all in big business jumped seven percentage points to 43%.

Rebuilding trust has been a priority for companies everywhere, but there are notable headwinds slowing this process down. Unfortunately, we get news of security breaches at major institutions with alarming regularity. It’s no wonder that in this threat environment, businesses are struggling to rebuild trust with their customers. Naturally, this involves establishing a strong, proactive and preventative cybersecurity posture. It also means developing a resilience plan for when a cybersecurity incident occurs to limit the impact from a technical, organizational and financial point of view.

The first and most important element is to focus on prevention. Consolidation is the best way to achieve this. Industry did well to produce the innovation the market needed to facilitate the first phase of the rapid transition to cloud, but we’ve matured past these products’ ability to provide comprehensive protection. Most companies have adopted a host of point products to execute different kinds of business. This has produced sprawling, inadequately secured networks. It’s a patchwork system, and organizations as a result end up with patchwork coverage incapable of evolving with the company, all while paying a premium by dealing with multiple vendors. And threat actors have taken notice. The number of data breaches experienced in private industry has more than doubled since 2019, according to Verizon’s Data Breach Incident Report.

Executives understand this: Research from Gartner shows 75% of organizations are consolidating security vendors, up from 29% in 2020. Secure access service edge (SASE) and extended detection and response (XDR) technologies are a good starting point for the consolidation journey, as these solutions secure access for distributed users and enable teams to detect and respond to threats, respectively. Most importantly, these solutions are designed not only to respond to threats, but identify and prevent them from turning into breaches. When deployed in a consolidated platform with complete interoperability with the rest of the security suite, they offer greater visibility and security by transforming the toolset into a proactive, prevention-oriented program, limiting the potential fallout from a breach before it even happens. When a security incident does occur, customers can be confident that the systems are in place to limit how much damage an intruder can do, which in turn lays a foundation to rebuild trust for the future.

While a strong security posture can prevent the worst outcomes, threat actors only need to get lucky once. No organization is completely immune to breach. The damage from these incidents can range from monetary damages to broad loss of confidence in the company’s ability to do business safely. How does a company rebuild trust after this kind of unauthorized access?

First, you need to limit the damage. That’s why the first step to rebuilding trust is a proactive one: Build a consolidated, prevention-focused security posture, and you’ll be able to limit the fallout. If you’re unable to do so before an incident, it should be the first objective after restoring business operations. Customers will need to know that prevention is your first priority.

The key to rebuilding trust over time is to communicate. The company must demonstrate that they are acting according to a cohesive strategy. This will always include appropriate disclosures. Prompt and transparent disclosure of a breach is important, and most jurisdictions require one to be made “without unreasonable delay”, so there’s a compliance element to this. Beyond that, it enables the appropriate parties to take action to protect themselves or even help develop a fix.

Special communications should go to customers. If continuity of operations has been interrupted, provide a timeline that the company can stick to, if possible. Alert customers to their own potential exposure, and provide the tools to remediate as soon as they’re available.

Your external communications – whether that’s in the press, social media or on the company blog – must be informational, action-oriented and clear about the scope of the damage. Most importantly, these communications must highlight what the company has done to address the breach, how this fits into a broader strategy, and why a similar incident won’t compromise them in the future. Avoid taking a defensive posture, and instead approach the situation as partners.

Essentially, responding to a breach is about people, process and technology in that order. Make sure the people impacted are in the loop with consistent and clear communications first and foremost. Identify and fix process and technology failures during remediation.

Ultimately, there is no replacement in modern business for building a prevention-focused cybersecurity posture. A company that fails to prioritize cybersecurity is a soft target for threat actors of all stripes. Trust requires confidence that your partner is acting to protect your mutual interests, and that means investing in consolidated cybersecurity that evolves along with your business and, crucially, the threat environment.

Be prompt and transparent in your disclosures and communications – delays expand the window for additional damage and obfuscation degrades customer and public trust in the statements you do make. You must give customers and the public good reasons to trust you. Building trust takes time, and there’s no substitute for a track record. As a result, strong, consolidated cybersecurity is already serving as a differentiator.