Customer Breach Support

Fast, effective support through an end-to-end service managed service

When encountering a breach, organisations must move swiftly to communicate and engage with affected stakeholders and customers, providing the right level of support to minimise their concerns, answer questions and alleviate fear.

There are two core components to our CBS service:

• Pre-breach: our Reserved Response programme is a specialist pre-breach readiness component, which documents and exercises all critical elements of your breach response playbook in advance of an incident, enabling us to mobilise a response within 72-hours.
• Post-breach: In the event of a data breach we can notify, support, and protect your affected end customer or employees and their identities, with the objective of mitigating operational, reputational, and financial risks.

Pre-breach: Reserved Response Support

Becoming a Reserved Response client gives you access to the capability and capacity to mount an effective breach response. A specialised Deloitte team helps your organisation with planning and preparation, while our Operational Hub establishes infrastructure, capacity, and breach response procedures, including:

• Breach readiness - We undertake sessions to understand your organisation and the requirements to respond effectively to an incident. We work with you to complete an incident playbook that will serve as a critical document during a breach; containing pre-agreed decisions, templates and processes to expedite the response.
• Desktop exercises and drills - We regularly test end-to-end breach processes, from response activation and message development, through to call centre support.
• Guaranteed SLAs - Contractual agreements that specify timely outreach and customer contact capacity required for your customer base. We can mobilise in as little as 3-days.
• Scaled capacity and technology - Cloud-based telephony and workflow will be scaled and configured, in addition to outbound e-mail authentication protocols.

Once onboarded, your organisation can depend upon Deloitte’s expertise, infrastructure, capacity, skills, and logistical reach for swift and effective response to a customer breach on any scale.

Post-breach: Live customer breach response

For clients who have completed our Reserved Response programme, upon breach response activation, Deloitte will launch pre-planned, controlled support for affected individuals. An incident management team mobilises the Operational Hub and coordinates service elements, including:

• Breach activation - You can report an incident at any time through our 24/7 hotline; this will initiate our agreed procedures.
• Outbound notification and communication - Launch of a customer notification campaign via mail or e-mail including data integrity checks, return-mail handling and detailed management information.
• Inbound customer contact support - Mobilisation, training and accreditation of agents, scaled in-line with inbound call demand, to answers question and queries posed by the affected data subjects, aligned to pre-agreed scripting and FAQs.
• ID protection and repair - Affected individuals will have access to identity protection products (credit monitoring and dark-web monitoring) for a fixed period of time to protect their identities in the aftermath of an incident.

For clients who have not completed the Reserved Response Programme, you will still be able to benefit from all of the above service elements, however some areas, such as the letter templates and outreach strategy will need to be agreed with you during the mobilisation process.
 

Get in touch

Hugo Morris Partner, Risk Advisory +44 20 7303 5985	Andrew Hanlon Associate Director, Risk Advisory +44 20 7303 8732