The perfect storm of digital transformation, globalisation and populism has made safeguarding corporation reputation significantly more challenging. But it is the emergence of cyber threats that most businesses rightly fear, as an operational issue can quickly become an existential crisis for the unprepared. Many high-profile scandals this year relate to some kind of cyber-attack or data breach and a recent cyber security report predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021.
Cyber is a unique threat because it’s intangible, difficult to quantify, and has a wide range of consequences, from operational downtime to potential litigation from customers. As with any potential issue or crisis though, the response is absolutely crucial, and can greatly impact how that organisation recovers and restores trust.
When facing a cyber threat, an organisation must respond quickly, even though it may not know the facts, and demonstrate empathy with the customers and other stakeholders who have been affected. Clearly stating which facts are known, and recognising those that are not, helps prevent potentially damaging speculation.
In this digital age, it is humans that should play the most active role from the outset, both internally and externally, in communicating the actions that are being taken to resolve the issue. Typically, law enforcement agencies and other third parties will be involved and crisis plans should anticipate this. All partner communications through traditional and social media should provide consistent and timely updates.
Message delivery is absolutely critical; all communications should cascade through the organisation and converge on the agreed positions and not diverge based on speculation in traditional and social media. Ultimately how you respond to a cyber threat becomes the key factor in determining the effect it will have on your reputation.
Having a good crisis plan helps, but the speed and ambiguity of a cyber-attack means you can’t learn on the job. There is no substitution for experience, and in the same way pilots don’t learn how to make emergency landings through trial and error, management teams need to find the time to participate in crisis simulations which prepare them for the unexpected. Let’s not forget the word ‘cyber’ is derived from a Greek word meaning ‘skilled in steering or governing’ and business leaders must learn to be at least as skilled and prepared as the perpetrators of the attack.
This article was originally published by the BAB NETWORK magazine in their November print edition and which can be found online here.