The recently reported data breach at Marriott is estimated to have compromised the personal information of nearly 500 million former Starwood customers, making it the second largest in history after Yahoo.

Such security breaches are on the rise at an alarming rate and reach well beyond the hospitality industry. Cyberattacks have nearly paralyzed mega enterprises including Facebook, Target, Wells Fargo and even the venerable credit reporting agency, Equifax.  

Here are some compelling, if not terrifying, statistics on the growing threat of data breaches:

• In 2016, the U.S. Government spent $28 billion on cyber security.
• According to a 2018 report by the Center for Strategic and International Studies and McAfee, cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP.
• Juniper Research reports that the average cost of a data breach will exceed $150 million by 2020 — and by 2019, cybercrime will cost businesses over $2 trillion

Billionaire Warren Buffett told investors at the 2017 Berkshire Hathaway annual shareholders meeting that cyberattacks are “the number-one problem with mankind,”even more of a threat than nuclear weapons. The takeaways from data breaches are mind-boggling. With more attacks on the horizon, organizations must take preemptive measures not only to mitigate the financial and reputational impact of these events but ultimately to protect their customers.

Deploying the latest software protection is only the beginning. Transparency to customers and actionable steps to correct such a catastrophic event are critical to an orderly recovery.

The process begins at the C-Level of every company to ensure that a proactive crisis management program is in place 24/7/365 and reviewed frequently.  An effective plan includes a risk assessment to identify vulnerabilities across a wide spectrum of threats including, but not limited to, cyberattacks.

Is your organization prepared for the eventuality of a data breach or another catastrophic crisis event? If so, have you reviewed the crisis management plan? Does it include clearly established protocols with dissemination and training at all levels?  Most importantly, is the plan updated constantly and practiced routinely?  

Here are six important questions to ask your crisis management team:

• What constitutes a crisis for our organization?
• When was the crisis management plan last updated?  (at least annually at minimum)  
• Does your organization have an established chain of command and is that team trained to manage a crisis?
• When was the last time your organization conducted a crisis management drill? (annually at minimum)
• Have you fully considered the consequences that a catastrophic crisis could have on your future financial viability?
• Does your current enterprise crisis plan extend to the field and individual unit operations?  

Crisis management should be considered an integral part of an organization’s operational health and success. Most companies conduct regular financial and performance reviews. Your company should add to the list a review and practice its crisis plan.

IntegratedCrisis Management Solutions is composed of security operatives and communications professionals offering risk assessments, streamlined emergency protocols, management training, customer/media relations and recovery programs.