Posted May 24, 2016 – By Anna Kobylinska
In a business world awash with sensitive customer data, cybersecurity threats have become persistent and perhaps even unavoidable. These new realities are beginning to redefine excellence in customer service.
No such thing as a zero-impact incident
The cause of a cybersecurity incident may be outside of your organization’s control, but it can still massively impact your customers. In a bank heist last February, cyber criminals almost got away with US$1 billion by initiating fraudulent money transfers using the SWIFT code of the Bangladesh Central Bank. The SWIFT code is an international bank identifier registered with the Society for Worldwide Interbank Financial Telecommunication.
Although some of the transactions went through, the fifth attempted transfer sounded alarm bells in the offices of Deutsche Bank, which was involved with routing the funds. Unfortunately, the US$81 million that had already been transferred could not be recovered.
Any cybersecurity incident that affects your customers will challenge the relationship of trust you have put so much effort into building. This can also be incredibly costly. LexisNexis Risk Solutions estimates that for every $1 of online fraud, the actual cost to a business totals on average $3.08. By comparison, the overall cost of unplanned downtime at a data center is a whopping $8,025 per minute, according to the Ponemon Institute. For these reasons alone, your organization needs to be prepared for the seemingly unthinkable.
By planning ahead, your company can minimize the cost of a cybersecurity breach. Based on an initial analysis of how customer financial data may be impacted, your company needs to design an incident command system, a standardized decision-making framework for the command, control and coordination of an emergency response to any given cybersecurity incidents.
Banks have learned the hard way that aiming for a zero-incident target is unrealistic. As a result, financial institutions have an incident response system in place and are prepared to embark on risk mitigation at the first sign of trouble.
Retail banks are more than willing to replace credit cards or access codes if there’s even an inkling of a possible data breach. Financial institutions are also proactive in other ways. They may notify their customers of any unusual charges or request an additional authorization by placing an automated phone call.
Communication in a crisis
Every incident is an opportunity to provide value to your customers and build a lasting relationship of trust. Depending on the type of data compromised, you may have a legal responsibility to communicate a data breach to your customers, regulators, law enforcement and other stakeholders. Make sure your organization provides accurate and timely information that is clearly legible, and use communication channels that are appropriate given the scope and the nature of the information, as well as the level of emergency your customers are experiencing. Take for example Citibank, which uses in-person and automated phone calls, text messaging, its website, email and physical letters to contact customers in an emergency.
Bad news travels fast and customers shouldn’t learn about a cybersecurity breach from the media; rather, they should find out through your organization’s emergency notification system. You want to clearly inform affected account holders of any steps they may take in order to minimize the fallout from the incident, fill them in on what your organization has already done, as well as let them know how they can access additional information and obtain support.
You may also want to consider monitoring social media (Facebook, Twitter, LinkedIn and others), responding to user comments on relevant blogs and replying to questions in discussion forums related to your business. The bigger the impact of a breach, the more valuable your timely and efficient service is to a customer.
How technology can help (and how it can’t)
A sudden spike in contact center activity can negatively impact service levels to customers who otherwise would not have been directly affected. In order to ensure uninterrupted customer service, an emergency-response call center service can take over some of the load. In many cases, support requests can be routed by software in a network of call centers, creating a coordinated call-center system. An automated or semi-automated call routing system may involve Interactive Voice Response (IVR), Automatic Call Distribution (ACD) or Uniform Call Distribution (UCD) technology.
Even so, customer service representatives can add considerable value to the service of your organization in a manner in which additional technology can’t. By projecting a deep respect for the customer, showing empathy, customer service agents can reinforce trust, actually improve the existing relationship.
A continuous process of improvement
In order to reduce the impact of cybersecurity threats it is absolutely critical for any organization to learn from past failures. What may sound rather self-evident is in reality a complex, ongoing challenge.
In “The Global State of Information Security Survey 2016” by PricewaterhouseCoopers, the international consulting firm found that a vast majority of organizations are incorporating strategic initiatives to improve security and reduce risks. 91 percent of respondents have adopted a security framework.
With online fraud on the rise, the implications of cybersecurity breaches are very real. Another study by PricewaterhouseCoopers found that fraud in the mobile channel alone currently costs companies 3 percent of revenue. Strong anti-fraud PII and PCI compliance programs are critical to risk mitigation for any brand.
The bottom line
Regardless of your organization’s efforts to provide the highest level of cybersecurity, incidents are bound to happen, and they will affect your relationship with your existing and future customers, as well as with the public at large. See them as an opportunity — however unfortunate — to strengthen your customer relationships and build lasting loyalty by delivering tangible value through customer service excellence in a crisis.