Leading in a crisis: data breach response

Data breaches are unforeseen events that can have significant repercussions for organisations, demanding immediate action, composure, and transparent communication. In this blog, I explore the essential components of managing a data breach and provide practical guidance for security leaders to effectively navigate this complex situation.

Crises like data breaches often create an atmosphere of chaos, characterised by rapid changes and high tension. Navigating through a crisis effectively can lead to containing a cyber attack early and therefore minimising potential harm to people.

Responding to a cyber incident requires modifying your work activities instantly and making decisions under extreme time pressure. But even in a crisis, it’s important to put your values at the centre of every decision you make.

Amy C. Edmondson in a short video emphasises the importance of communicating often and with transparency even if there’s no complete information, because being able to show humility and say what you know and what you don’t know can help establish credibility. ​​In situations like data breaches, effective leaders should also express empathy as this can help build trust.

Recognise early warning signs

A crisis is defined by a series of unexpected events that leaders and organisational stakeholders perceive as highly significant, potentially disruptive, and requiring urgent action. Recognising these crises early is critical, as it allows leaders to promptly inform relevant individuals both within and outside the organisation. Early detection facilitates a swift response, minimising the impact of the crisis.

As a CISO, recognising the signs of a data breach early on is crucial. It enables you to initiate the necessary response protocols promptly, minimising the impact on the organisation and its stakeholders.

Communicate with transparency

Effective communication is the cornerstone of crisis management. Leaders must communicate honestly, frequently, and transparently. It is crucial to provide realistic interpretations of events, avoiding both overly optimistic and pessimistic viewpoints. By sharing what is known and acknowledging uncertainties, leaders can maintain credibility and foster trust among stakeholders.

Maintain composure

Remaining calm and encouraging a composed atmosphere is essential during a crisis. Leaders should strive to avoid panic and defensiveness, as these reactions only worsen the situation. Instead, they should remain open to different options and ideas. It is common for crises to induce a narrow focus on isolated aspects of the breach. However, as a leader, you must keep a broader perspective, considering the overall impact and potential solutions.

Show empathy

Acknowledging people’s fears and concerns is crucial for effective crisis management. Leaders should demonstrate genuine empathy towards those affected by the crisis, while also encouraging resilience and determination. By providing reassurance and support, leaders can help their teams stay focused and motivated throughout challenging times.

A data breach affects not only the organisation but also the individuals whose information has been compromised. As a CISO, it is crucial to demonstrate empathy towards those affected, acknowledging their concerns and fears. By providing reassurance and support, you can instill a sense of resolve and determination within your team to address the breach promptly and effectively.

Act with integrity

During a crisis, it is easy for individuals to lose sight of the organisation’s overarching mission and guiding values. Leaders play a vital role in refocusing their teams, reminding them of the greater purpose they serve. This realignment fosters a sense of unity and reinforces the collective effort required to overcome the crisis.

Even in a crisis, it’s important to put your values at the centre of every decision you make. Ask yourself, what is the ethically right thing to do? As a CISO, it’s important to be able to remind your stakeholders of the broader mission – to protect our customers. Your steadfastness will show not only in your plans but also in your values. 

Ask for help

Dealing with a data breach requires collaboration and seeking external support when necessary. Engage with internal stakeholders, such as legal and public relations teams, to ensure a coordinated response. Additionally, consider involving external experts, such as forensic investigators or cybersecurity consultants, who can provide specialised knowledge and assistance in managing the incident effectively.

Take decisive action

Timely decision-making and swift action are crucial during a crisis. Leaders must deliberate quickly and take decisive steps forward. While perfection may be unattainable, leaders should prioritise progress over perfection, maintaining a bias for action. It is equally important to emphasise collective learning and improvisation. The initial response should be seen as a temporary solution, allowing room for adjustments and improvements as the situation unfolds.


Crises often require adaptations to existing processes and the roles of individuals within the organisation. Leaders should encourage a collective evaluation of how processes can be adjusted to meet the demands of the crisis.

As a CISO, encourage a collective evaluation of security protocols, policies, and incident response plans. This may involve redefining responsibilities, enhancing security controls, or implementing additional safeguards to protect against future breaches.

As a security leader, managing a data breach requires strategic leadership, resilience, and effective communication. By following these principles, you can navigate crises with resilience, inspire teams and build a culture of trust and collaboration.


1 Comment

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s