Crisis Communication in the Face of Data Breaches

Data breaches refer to unauthorized accesses to data. Typically but not always, data breaches are about cyber crime. An organization facing such a crime is often also in a crisis situation. Therefore, organizations should prepare also for data breaches in their crisis management procedures. These procedures should include also crisis communication plans. To this end, this paper examines data breach crisis communication strategies and their practical executions. The background comes from the vibrant crisis communication research domain. According to a few qualitative case studies from Finland, the conventional wisdom holds well; the successful cases indicate communicating early, taking responsibility, offering an apology, and notifying public authorities. The unsuccessful cases show varying degrees of the reverse, including shifting of blame, positioning of an organization as a victim, and failing to notify public authorities. With these qualitative insights, the paper contributes to the research domain by focusing specifically on data breach crises, their peculiarities, and their management, including with respect to European regulations that have been neglected in existing crisis communication research.