Breach Clarity Wants to Rewrite How Organizations Talk about Their Breaches

February 2, 2021 | rjmcgarvey | credit union, InfoSec, Tech

By Robert McGarvey

Breach Clarity, a startup from onetime Javelin Strategy + Research co-founder Jim Van Dyke, is about to change how organizations talk about their data breaches – with a loud emphasis on increased transparency, reduced opacity.

Breaches are commonplace. There are four significant ones daily, says Van Dyke. But that does not mean the public knows much about them. Ask any cybersecurity journalist what they do not like about organizational breach press releases and the short answer is everything. That is because opacity – saying as little as possible and offering few details – is the operating philosophy. 

One fact: confused and frightened consumers want more facts about breaches and how they are impacted.

Scoring the Severity of a Breach

Enter Breach Clarity which aims to do three things that are game changing: it scores a breach on its severity, from 1 to 10; it tells an individual what he/she needs to do to protect himself if caught up in a specific breach; and it will soon offer a score of an individual’s risk of being a fraud victim with scores ranging from 1 to 100.

As for the action items Breach Clarity suggests, they will be specific to a particular breach and to an individual. Some breaches set up some individuals for IRS fraud, for instance. Others set up some individuals for new account fraud. Still others often will lead to attempts at account takeovers.  There is no cookie cutter advice. Customization and personalization are what Breach Clarity aims to deliver.

A fourth thing may be even more game changing: Van Dyke, whose Javelin claimed many mega banks as clients, is marketing Breach Clarity as a value add for credit unions to offer to their members.  He already claims one customer – BCU (formerly Baxter Credit Union), the nation’s 56th largest with around $4 billion in assets.  

According to Van Dyke, although BCU is offering Breach Clarity as a free tool to members, it nonetheless forecasts a 5X ROI.  How? Reduced fraud losses – financial institutions, says Van Dyke, absorb the bulk of the losses due to data breaches and the hope is that an informed membership will be better able to take steps early to minimize fraud.  

Van Dyke also says there will be a reduction in member calls for help to call centers – and financial institutions relate that after heavily reported breaches they are swamped with SOS calls.  Fewer calls mean lower costs.

Phase 2 of Breach Clarity’s marketing plan is to expand the focus to national and large regional banks.

Consumers Want This Help

Van Dyke also says that consumer research done by Breach Clarity found a surprisingly robust appetite for such tools among Gen Z and Millennials.  Interest is also high – and expected – among Baby Boomers.

Where does Breach Clarity get its breach data? Via the non profit Identity Theft Resource Center, says Van Dyke, who sits on the ITRC board.

Eva Velasquez, CEO of ITRC, said: “The ITRC is honored to partner with Breach Clarity and provide more meaningful information to consumers and data breach victims.  The biggest challenge breach victims face is understanding the risks associated with a particular breach, and what steps they should take next.  Breach Clarity, powered by the ITRC’s data breach data, addresses this challenge by providing an intuitive risk score accompanied by essential action steps.  We are proud to be a part of a no-cost solution that brings much needed clarity to the victims of data breaches.”

The analytics that score breaches on severity and generate custom corrective steps are results of Breach Clarity algorithms

Three Steps That Must Be Taken

Here are three steps every organization that suffers a breach needs to take to prepare for demands for more transparency and clarity about breaches:

*Ditch the opacity in breach related press releases.  Aim for more transparency, especially around what data was stolen, over what timeframe. 

*Breached organizations need use cybersecurity writers to polish releases.  By all means, involve lawyers and cybersecurity technicians. But writers specialize in the communication skills that will add much needed transparency.

*Be transparent about the cybersecurity steps that the organization has taken.  Don’t give cyber crooks a road map but do disclose to the public information that will help restore confidence.

###

Hear a half-hour podcast with Jim Van Dyke here.  

Leave a Reply

Your email address will not be published. Required fields are marked *