author photo
By Bruce Sussman
Fri | Oct 4, 2019 | 6:30 AM PDT

When most people discuss the top data breaches of a given time period, they tend to look solely at a breach by the numbers. How much data was stolen, how many people were affected?

But here at SecureWorld, we're equally fascinated by the way companies announce they've been breached. This is because Incident Response planning is always a hot topic among security leaders at our 17 regional cybersecurity conferences.

So let's look at four possible ways to announce a data breach, based upon stories we've covered. 

How are organizations announcing a data breach?

  • Breach announcement letter—corporate or authentic?
    Marriott was the largest breach of 2018, with 500 million of its Starwood brand customers impacted, and its breach announcement was complete "corporate speak." Read Breach Announcement Comparison: Marriott vs. Quora. Quora is an online Q&A site that had 100 million accounts exposed, and it went for a more authentic style.
  • Breach announcement on Facebook Live:
    A water utility got hit by ransomware. The announcement came from its CEO during a Facebook Live video recorded at a fiery all-staff meeting: "Do you bow your head, weakly, and say we'll pay you and risk another attack? Or do you look 'em in the eye and say we're Americans, we're North Carolinians, and by golly, we'll survive this too. That's what we say. That's what we're telling the cybercriminals and the world." Read and watch: The Hurricane, the Tropical Storm, and then the  Facebook Live Breach Announcement.
  • Twitter livestream breach announcement:
    An e-commerce CEO gets high marks from customers after an incredibly authentic sounding breach announcement. Read and watch: Livestreaming a Breach Announcement: An Ecommerce CEO Just Did It.
  • Use your breach announcement to attract cybersecurity talent:
    We are sure that creating a security talent pipeline will be a hot 2020 security conference topic. And we are still giving Reddit major kudos for trying to create a talent pipeline during its own breach announcement. Read Reddit's Breach Announcement: We Have Openings in Cybersecurity.
  • Some breach announcements avoid saying the "B" word:
    Lastly, what if you need to tell customers something is wrong but you don't want to say "ransomware" or "breach" because it may make people panic? You could try what happened in The Cyber Attack That's Never Been Officially Announced.

We hope these examples give you some ideas for your Incident Response communication plan.

[RELATED: Marriott Data Breach: Who did it, lawsuits, and more. See our 2018 Marriott data breach coverage stories.]