Customer Breach Support

Protecting your customers, reputation, and brand through a data breach

The ever looming threat of a data incident is more prominent now than ever before. Constantly evolving intelligence and technology makes cyber criminals tough to defend against, with the added pressure of more than half of breaches being made as a result of human error. The ICO stated that across all UK businesses in 2022, there were 2.39 million instances of cybercrime, which is between 59% and 69% of all medium to large UK businesses. CBS demonstrates how a comprehensive, pre-planned response can help protect your organisation and customers while addressing regulatory compliance through the GDPR. If you have already been affected by a breach, learn how we can support you in the aftermath of the incident through our managed response service.

Explore Content

Fast, effective support through an end-to-end service managed service

When encountering a breach, organisations must move swiftly to communicate and engage with affected stakeholders and customers, providing the right level of support to minimise their concerns, answer questions and alleviate fear.

There are two core components to our CBS service:

  • Pre-breach: our Reserved Response programme is a specialist pre-breach readiness component, which documents and exercises all critical elements of your breach response playbook in advance of an incident, enabling us to mobilise a response within 72-hours.
  • Post-breach: In the event of a data breach we can notify, support, and protect your affected end customer or employees and their identities, with the objective of mitigating operational, reputational, and financial risks.

Pre-breach: Reserved Response Support

Becoming a Reserved Response client gives you access to the capability and capacity to mount an effective breach response. A specialised Deloitte team helps your organisation with planning and preparation, while our Operational Hub establishes infrastructure, capacity, and breach response procedures, including:

  • Breach readiness - We undertake sessions to understand your organisation and the requirements to respond effectively to an incident. We work with you to complete an incident playbook that will serve as a critical document during a breach; containing pre-agreed decisions, templates and processes to expedite the response.
  • Desktop exercises and drills - We regularly test end-to-end breach processes, from response activation and message development, through to call centre support.
  • Guaranteed SLAs - Contractual agreements that specify timely outreach and customer contact capacity required for your customer base. We can mobilise in as little as 3-days.
  • Scaled capacity and technology - Cloud-based telephony and workflow will be scaled and configured, in addition to outbound e-mail authentication protocols.

Once onboarded, your organisation can depend upon Deloitte’s expertise, infrastructure, capacity, skills, and logistical reach for swift and effective response to a customer breach on any scale.

Post-breach: Live customer breach response

For clients who have completed our Reserved Response programme, upon breach response activation, Deloitte will launch pre-planned, controlled support for affected individuals. An incident management team mobilises the Operational Hub and coordinates service elements, including:

  • Breach activation - You can report an incident at any time through our 24/7 hotline; this will initiate our agreed procedures.
  • Outbound notification and communication - Launch of a customer notification campaign via mail or e-mail including data integrity checks, return-mail handling and detailed management information.
  • Inbound customer contact support - Mobilisation, training and accreditation of agents, scaled in-line with inbound call demand, to answers question and queries posed by the affected data subjects, aligned to pre-agreed scripting and FAQs.
  • ID protection and repair - Affected individuals will have access to identity protection products (credit monitoring and dark-web monitoring) for a fixed period of time to protect their identities in the aftermath of an incident.

For clients who have not completed the Reserved Response Programme, you will still be able to benefit from all of the above service elements, however some areas, such as the letter templates and outreach strategy will need to be agreed with you during the mobilisation process.

Get in touch

Hugo Morris
Partner, Risk Advisory
+44 20 7303 5985 

Andrew Hanlon
Associate Director, Risk Advisory
+44 20 7303 8732