Setting the Standard for Cyber Attack Transparency

Cybersecurity breaches can happen to anyone, individuals and companies alike. No matter how robust their security controls are, organizations must work tirelessly to prevent thousands of attacks daily, while attackers need to succeed only once.

When a cyber attack occurs, it’s not just the breach itself that matters—what happens next is crucial. The way an organization responds determines whether trust is regained or eroded among customers, employees, investors, and regulators.

The Pitfall of Vague Statements

A poorly handled response can be just as damaging as the attack itself. Vague statements come across as evasive, leaving stakeholders uncertain and concerned. I experienced this firsthand with LastPass; when they were attacked, it wasn’t the breach itself that caused my loss of trust, but rather their lack of transparency in handling it. That loss of trust ultimately led me and others to leave their service.

Coinbase: A Model for Responsible Disclosure

In contrast, Coinbase has set a standard for how cyber attacks should be addressed. Rather than downplaying the breach, they acknowledged it, detailed the attack method, and provided clear guidance on necessary steps for customers. Even more commendable, they outlined security improvements made in response to the attack and—perhaps most notably—refused to pay the attackers.

Taking transparency and accountability even further, Coinbase matched the ransom demand with a reward for information leading to the arrest of those responsible. This bold move underscores their commitment to security and sends a strong message to cybercriminals: extortion won’t be rewarded, but justice will be pursued.

Raising the Bar for Cybersecurity Responses

Coinbase’s approach should set the benchmark for responsible cyber attack disclosure. In an era where digital trust is paramount, organizations must prioritize honesty, clarity, and action over vague reassurances. When done right, transparency not only mitigates damage but strengthens trust—proving that resilience and integrity are just as vital as the security measures themselves.


https://www.coinbase.com/en-gb/blog/protecting-our-customers-standing-up-to-extortionists