It’s tempting to wait until your organization knows exactly what happened to make a public statement. However, this delay allows time for inaccurate rumors to start, which can damage your reputation even more. In 2017, Equifax waited a month to communicate with the public after discovering the data breach that exposed the private information of 147 million people, which increased the damage and impact. Ultimately, Equifax ended up settling for USD 425 million to reimburse affected consumers for the time and money lost through the breach. By providing transparent communication with as much detail as you currently know as soon after an incident as possible, you show your customers they can trust that you are handling the incident appropriately — and your business controls the narrative.

Setting the right tone is also imperative. “When you send your customer a notification to tell them that something serious has happened and you may or may not have lost data and information that is very important to them and potentially putting them at greater risk, do not start that notification by saying, ‘Your security is very important to us,’” says Ensign. “As soon as you say these words or similar statements, such as your security is top priority, people tune out and if they read the rest, they are using a sarcastic lens.”