A major industry association called me after a break-in. What went missing wasn’t cash or computers — it was a laptop containing names, dates of birth, and addresses for their entire membership. The kind of personal information that makes people feel exposed.
Behind closed doors, leadership was running the math. Regulatory fallout. Member cancellations. Lost renewals. The number they kept landing on was north of $2 million in potential damage.
Some people in the room wanted to wait. Get more information. Figure out the legal exposure before saying anything.
I told them we were reaching out to every single member. Proactively. Before they heard it somewhere else.
We wrote a notification that led with empathy rather than legalese. Not ‘we regret to inform you’ — real, human language that said we know this is unsettling and here’s what we’re doing about it. We trained every frontline staff member on how to handle the angry calls, because they were coming and the worst thing you can do is let an unprepared voice be your first impression. We monitored every online mention and every internal conversation so we were never surprised. And we told members exactly what was changing internally so this wouldn’t happen again.
Yes, angry calls came. Fewer than they feared. And they didn’t last long.
The final damage? Zero lost memberships. Every single policy renewed. Not one dollar in lost revenue.
The $2 million crisis cost them nothing because they chose honesty over hiding.
For many leaders, the instinct after a breach is to go quiet until they have answers. That silence is where trust goes to die. The organizations that come through these moments intact are the ones that treat their stakeholders like adults — telling them what happened, what they’re doing about it, and what comes next.