If you lost third-party data, what would you do?

If you lost third-party data, what would you do?

By responding accurately and quickly and putting customers first following a data breach, you can minimise the risks to your reputation.


In an era where data breaches seem to affect companies on an almost daily basis, a company’s post-breach response is all important.

Many companies appear to be underestimating the full effects of a cyber breach, however, especially when it concerns the loss of third-party data.

Just 2% of UK businesses think a cyber breach would affect them for more than 10 days.

As part of Lockton’s UK Cyber Security Survey 2017, we asked 200 senior decision makers how quickly they believed their company could be entirely operational again after a large-scale loss of third-party data.

Half of companies said they could be ‘fully operational’ again within 48hrs. Just 2% of businesses thought such a breach would affect them for more than 10 days.

These timeframes seem ambitious, as we recently noted in The Telegraph. For instance, if a company has locations in several countries it could take weeks just to identify what’s been affected. And even if a company was able to produce products again within 48 hours, it could still be haemorrhaging data.

How quickly companies believe they could be operational again following a breach

A cyber breach involving third-party data can easily diminish trust and result in a loss of existing or new customers.

The more planning your company does before a breach, the better your chances of minimising the business interruption and reputational damage that a breach can cause.

Companies who manage a breach most successfully are those that can detect and mitigate the breach as quickly as possible. As part of these processes, they should be able to explain to customers:

1. What happened,
2. How this affects customers,
3. What measures the company is taking to correct it,
4. What measures the company has taken to help customers.

As part of our UK Cyber Security Survey 2017, we asked 200 senior decision makers how quickly they believe their company would you be able to inform affected third parties in the case of a loss of third-party data. 

More than half (60%) of companies said they would be able to communicate with third parties within 2-4 hours, if not sooner.

How quickly businesses they think they could contact third parties following a cyber breach

Tense times

Following a breach, a company invariably feels a tension between the need to communicate with customers quickly and the need to communicate accurately.

Communicate too soon and you risk saying something that later proves to be incorrect; leave it too late and you risk appear uncaring and/or not in control of the problem.

Following a breach, there's a tension between the need to communicate with customers quickly and the need to be accurate.

The correct balance for a company to strike will depend on various factors, including its industry, products, services and customer base as well the nature and complexity of the breach.

To optimise the chances of striking the right balance, it’s vital for a company to involve a range of stakeholders in the pre-breach planning stages. (See Cyber breach planning: building your A-team for more analysis of this matter.) This should ensure that the timing and extent of your comms to third parties is a business decision that has factored in the various implications, and not just those of one or two divisions.

In particular, a company will benefit from there being regular, open communications between its IT/security staff and its comms and PR function. (See Why companies are overlooking reputational risks when planning for a cyber breach for more analysis of this matter.)

A good understanding of a breach’s cause and effects will be of little help to your reputation and external comms unless you can explain them in non-technical terms. Equally, a proactive comms and PR team will struggle to effectively communicate with customers and the media unless it receives accurate information in the first instance.

Having members of staff who can relate technical information to non-technical people in understandable terms is therefore vital to successfully communicating to third parties following a breach. (The importance of internal comms should also not be underestimated – any inconsistencies in your explanation of a breach will very possibly be uncovered and made public before too long.)

Typically you can retain customers’ business if they feel that you have communicated with them the cause and effects of the breach quickly, accurately and openly, and have put them first.


For more information, please contact Peter Erceg on:


+44 (0)20 7933 2608