Case studies

Consumer Financial Institution – Crisis Simulation

Executive Summary

Following big-name data breaches at stores like Home Depot and Target, a Fortune 500 consumer financial institution came to us concerned about their ability to handle a similar crisis. Using advanced technology, we were able to run five simulations of a data breach at the institution. The first four focused on creating a comprehensive communication and response plan, while the fifth and final simulation helped us determine if the developed plan would work in a real life data breach situation.

About

This top company in the consumer financial sector provides options for payment, travel and expense management solutions. They offer both individual and business services for companies of all sizes.

Challenges

Prior to using our service, the customer’s biggest challenges was knowing whether or not they were prepared to handle a data breach, without having to actually experience one. Seeing peer companies become targets of date breaches, and knowing it was top of mind for both customers and executives alike, they wanted to test their own protocols. They questioned whether their chain of command and communication process were good enough to meet their needs.

The immediate challenge was to create a basic plan of readiness in case of a future data breach, while the secondary challenge was to create a truly durable crisis communication plan that the company could trust to be effective even in circumstances of data breach.

What We Did

We got to know the company – their culture, their departments, and their concerns. Then, we created a scenario that mimicked an aggressive data breach. We leveraged a platform that acts as a social media emulator, imitating Facebook, Twitter feeds and other social media to create a real life experience in which the participants could practice their response protocols. And, created real media calls and emails to test the limits and give the real experience to the media relation’s team. The tools used allowed us to see track timing for responses, coordinate new twists in the scenario and record the level of coordination among audiences.

Key components of the simulation included:

  • Trained 60 employees on crisis response within the organization
  • Managed hundreds of media inquiries, social media shares, and multiple streams of content
  • Worked cross-functionally with eight different departments coordinating the efforts

Results

After the scenario was completed, we gave the company a comprehensive debrief highlighting feedback based on their response and objectives. One of our main findings was that the focus was too reactionary and there was a need for greater attention to long-term capacity required for incidents of this nature. Most notably, communication to some key audiences lagged significantly and at times, messaging felt too reactive and corporate.

The result of the simulation was:

  • A rich real-life experience for employees that would serve as key responders during an incident
  • A comprehensive data breach crisis plan that will help ensure a quick, smart and seamless response if the company is faced with a similar situation
  • Awareness around weaknesses and areas of opportunity for future planning

“Deploying the program with the company’s primary objectives in mind, we were able to observe and learn the strengths and weaknesses of the current plan.”