Rolling a Persuasion Check: How to Build Executive & Customer Trust Post-Breach

Incident Response Strategy & Best Practices

Well, it happened. You just rolled a critical failure. The breach is here, systems are compromised, and now you're facing the most dangerous enemy of all—broken trust from executives and customers who once believed in your defenses.

Since this directly translates to thousands, millions, or billions in lost revenue, your priorities have shifted to complete incident resolution and restoration of that trust...at least for the foreseeable future.

Your path forward?

Rolling a persuasion check.

Contextually, this type of “roll” means convincing stakeholders that your organization deserves a "second chance" after a cyber breach.

Even in the best of cases, though, the data isn't encouraging. 58% of consumers believe brands hit with data breaches are untrustworthy, and 70% would stop shopping with a brand that suffered a security incident, per Vercara.  

We believe that there has to be a better way—so we've put together this helpful guide to communication after a cyber breach. Read on to learn how you can turn your latest breach into a story of resilience > failure.

Critical Hit Confirmed: The True Costs of Cyber Breach Damage 

When a breach hits, you're dealing with a triple threat: financial, reputational, and relational damage.

The financial damage of most cyber breaches is immediate and devastating...and it's more nuanced than people think. While the average cost of a data breach reached an all-time high of $4.88 million in 2024, that number only tells part of the story.

The real damage occurs and compounds within the relationships that make businesses sustainable. Executive confidence wavers as board members question the security team's competence, and customers begin shopping for alternatives before the forensics team even finishes their investigation. These two factors make the average cost skew much higher over time, and it exponentially grows with the level of revenue that a company has reached. 

A Tale of Two Responses: Comparing Coinbase vs. LastPass 

The difference between successful post-breach trust recovery and catastrophic, lasting failure can be seen in Coinbase's and LastPass's recent campaigns.

Coinbase (2025): The Transparency Adventure 

When Coinbase faced a data breach affecting over 69,000 customers, they chose to prioritize aggressive transparency. The company refused to pay the $20 million ransom demand associated with the Coinbase data breach, instead establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible.

At the same time, the company chose customer obsession and experience over immediate fiscal damage control. They quickly released a statement assuring users that anyone who fell victim to the attack would be fully reimbursed. They also clearly disclosed what happened, taking full accountability.

LastPass (2022-2023): The Transparency Disaster

LastPass took the opposite approach, and the results speak for themselves. The LastPass breach started on August 8, 2022, and lasted until November of 2022.

On November 30, LastPass finally admitted that customer data was affected in the incident. This delay created a trust catastrophe, though CEO Karim Toubba later accepted the criticism and took full responsibility. 

The breach ultimately compromised virtually all customer information, was presented to consumers in a partial and delayed manner, and led to ongoing cryptocurrency thefts.

That's right: The FBI links over $150 million in crypto heists to the LastPass breach.

The lesson for cybersecurity teams across both of these tales is clear—your post-breach communication strategy determines whether your party is memorialized as a true band of warriors or agents of destruction.

Building Executive Trust Post-Breach: Your Leadership Guild Needs You

If you're trying to build trust for the first time during the crisis, you've already failed your saving throw. Post-breach trust is established in the pre-breach campaigns, which lay the framework for unshakeable belief and confidence in your company’s ability to continue on, even if the worst happens. The pre-breach campaigns are also your opportunity to build an understanding that cybersecurity is not an exact science – there’s a finite set of resources available to address the ever-growing sea of threats. Helping your leadership understand the state of play will put you in an advantageous spot when the dragons come knocking.

Here are a few steps you can take to start establishing pre-cyber breach trust from now on. 

Assembling Your Leadership Party 

Executives need to understand their role in your cybersecurity campaign before a breach occurs. They need to know that they're not just the "wallet" of your quest; they're active party members with roles to play, with abilities and responsibilities that help support the mission when things go sideways.

How can you best assemble your party?

First, get alignment on your organization’s crown jewels. These are your org’s most important assets – things like your customer relationships, intellectual property, key suppliers, or sensitive data. You should start with a short list of the 3-5 things the business needs most to operate.

Next, stress test your response to different threats to your crown jewels. With your most critical assets in focus, you’re certain to get more engagement and attention from the executive ranks.

Use the above to ensure your executive team understands their role. What key decisions will they need to make? What tradeoffs should be weighed? Who makes the ultimate call? Are all these things documented so there’s no question when the day comes?

You can accomplish all of this with a well-orchestrated exercise series.

As far as more immediate benefits go, this level of understanding and ownership is transformative—helping your stakeholders to embrace the thought of cybersecurity as a business enabler rather than a cost center.

Rebuilding Customer Trust After a Data Breach

Whether you’ve taken the time to lay a foundation or not, you’ll still have critical steps to take in the wake of a cyber breach. We’ve boiled your process down to three simple steps: leading with transparency and sharing information, establishing action plans, and tracking progress.

  • Transparency is the first value to embrace after a cyber breach. Your stakeholders, customers, and team members will want the full picture ASAP: what happened, how it happened, and what you’re doing about it. Give them whatever details you have in as clear a manner as possible. Don’t delay, sugarcoat, or bury the lede in technical jargon, because that’ll fracture trust from the start. 
  • Establishing your next steps should be your next priority. If you’re not creating momentum behind your words and updates, they’re just that: words and updates. Stakeholders and consumers will want your future prevention roadmap and outcomes to track against.
  • Tracking progress should come in the form of regular campaign updates. Our tips? Be honest, specific, and as clear as humanly possible. Establish routine status updates that show stakeholders and customers they’re cared for as they recover from broken trust.

Never waste a good crisis breach. Each one serves as a reminder of processes that can be improved and defenses that need to be strengthened, and as an opportunity for the public to truly know the people behind the brand. How will you react? What will you say? How will the company move forward from this? Most of these answers and outcomes are in your (very capable) hands.

Takeaway  

The quest is clear for our brave cyber paladins: master the art of the persuasion check and transform post-breach communication from a desperate damage control mission into a strategic trust-building campaign.

The challenge, though, is real. Rolling successful persuasion checks with executives and customers after a data breach requires transparency, a gentle hand, and flawless execution—all while every second counts and the stakes couldn't be higher.

Organizations that prioritize pre-breach trust-building with leadership teams and establish clear crisis communication protocols before disaster strikes will find themselves better equipped to turn potential catastrophes into stories of resilience and renewed confidence.

Cyber teams that master both the technical and communication aspects of incident response—i.e., those who can roll natural 20s on their persuasion checks when it matters most—will ultimately prevail against any threat that faces the organization.


Ready to establish the communication standard you need to build trust with your stakeholders before your next breach occurs? Try Ally for FREE today and discover how our TTX platform helps establish the pre-breach knowledge, trust, and crisis communication protocols that turn your next incident response into a masterclass in stakeholder confidence. Connect today to request a demo.

About Ally Security

Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and every organization can be better prepared.
