Not that long ago, chief marketing officers were most concerned with generating leads and conversions, managing budgets, earning a healthy return on investment, maintaining digital relevance, and growing market share while keeping a close eye on the competition.

These are still important. However, according to a recent article and global survey of senior marketers and chief marketing officers, these concerns pale in comparison to their biggest concern today – the data breach.

There’s real cause for worry. A year ago Equifax found itself saddled with one of the biggest data breaches in history. High-profile brands including Facebook, Panera, Yahoo, Under Armour and Target all have suffered massive data breaches in the past few years. And recently, the marketing and data aggregation firm Exactis had nearly 2 terabytes of data exposed, affecting up to 340 million American adults and businesses.

Because of the devastating effects a breach can have on business results and reputation, and because every organization is at risk, company leaders can no longer cross their fingers and hope they don’t become a target.

Unfortunately, even the best crisis plan is not a total defense for the complex, rapidly evolving and powerful impact a data breach can have on an organization’s reputation. Minimizing a data breach’s impact requires organizations to follow some specific communications best practices. For example, be prepared to:

• Acknowledge the breach promptly. At first, there will be far more questions than answers. But keeping consumers oblivious to a breach will backfire once it becomes public.
• Give those affected a way to take action. Toll-free hotlines, information about how to cancel credit cards, or allowing consumers to sign up for free fraud monitoring services are examples.
• Make it easy to take action. Don’t place burdensome new requirements on consumers in return for helping them solve a problem for which they are not responsible.   
• Deploy a “dark site.” A dark site is a website that lies dormant until the owner takes it live. It provides information about who to contact with questions, ways to take action and a place for news updates.
• Monitor and engage on social media to reach a wide audience in real time. Employing social media during a crisis requires special protocols for messaging and management of those channels.
• Coordinate public relations and legal response strategies. Public relations experts will be focused on the company’s reputation; lawyers will be working to minimize legal fallout. Both teams can contribute to the best possible outcome through close collaboration.

As hackers continue to push the envelope to exploit vulnerabilities, companies will be forced to take every precaution available to protect and preserve data. But they must make an equal effort to sympathize, right the wrong and communicate. That may be what saves a bad situation from getting worse and preserves the hard-won reputation of a good organization.