Breach notification is much more than a regulatory requirement. How you respond and communicate to customers about data breaches and other disruptive events like ransomware sets the tone for recovery. It’s the first step toward rebuilding customer trust, but it requires — and demonstrates — empathy if done well. A botched response invites greater public scrutiny and reputational risk, but an effective one that exhibits competence builds customer trust. This report focuses on the customer-facing response to breaches, highlights examples of effective response, and outlines an approach for security and risk leaders to seize the breach notification and response opportunity.