Data is shaping almost every area of our lives, and companies have been slow to prepare themselves for data breaches and other AI dangers.
How should a company prepare for a cyber crisis? A cyber attack? A data breach? What should the company do and say in response to such an event?
If Facebook cannot get it right, do you really believe you are prepared?
Recent years have seen a significant number of cyber-related incidents affecting companies, such as the data breaches at BA (British Airways), Yahoo, Marriott, Adult Friend Finder and, locally, Liberty Life.
These incidents share a common thread: they were all data breaches in large organizations, and each of them resulted in a crisis for the organization concerned.
Fortunately, not all incidents (unwanted events) result in a crisis, but that is entirely dependent on a company’s business practices, incident management system and willingness to respond and deal with the situation.
Furthermore, what investigations and research show is that “most data breaches don’t occur because cybercriminals are leveraging intricate hacking methods to infiltrate companies’ databases.
They occur because companies are turning a blind eye to patchable rifts in their security, like outdated software vulnerabilities, weak passwords, and malware attacks.” Employee behavior and company practices are not always addressed, and this often increases the risk involved. What compounds the situation is that many people think that cyber criminals only target large companies, but smaller businesses can also be affected.
On top of this, cyber threats and incidents can come in many shapes and sizes. For instance, just imagine if your point-of-sale system should go down at month-end due to a technical malfunction or glitch.
What would that do for customer confidence and trust? And what should a company do and say when faced with a cyber crisis?
In an article titled “What is a Data breach?”, HubSpot reports: “Yahoo, Marriott, and Adult Friend Finder experienced the three largest data breaches of all time, all occurring from 2013 and beyond. And between the three of them, almost 4 billion user accounts were compromised.
(A data breach occurs when there’s an unauthorized entry point into a company’s database that enables cybercriminals to access customers’ personal data, like passwords, Social Security numbers, credit card numbers, banking information, passport numbers, driver’s license numbers, and medical records. These cybercriminals use this information for fraud and identity theft purposes).
In 2017, the Identity Theft Resource Center reported a record-high 1,579 data breaches, which is 44.7% more incidents than the previous record high recorded just one year before. Coupled with IBM’s discovery that the average cost of a data breach is a whopping $3.86 million, this prevalent cybercrime could not only plummet consumer trust in your brand but it could also wreak havoc on your bottom line and reputation.
To avoid turning into the next negative headline, it’s crucial you prioritize security at your company by focusing efforts on data protection, and giving your security team the resources needed to shield your customers’ and company’s data from malicious cybercriminals at all times.
It also means that as a company you have to be ready to respond, mitigate, act and communicate should such an unfortunate event occur.
Stakeholders such as customers, the media and the general public are increasingly aware of the lack of cyber security best practices and the consequences suffered by those affected by data breaches. Many have had problems with money being stolen, identity theft and company systems being hacked.
When a breach does occur, it is vital that clients are reassured. For customers and the uninitiated, being the victim of identity theft or losing money as a result of a breach can be traumatic. Customers will need reassurance that their interests are safeguarded.
A cyber crisis such as a data breach can thus seriously harm a company’s reputation and competitiveness.
Furthermore, the EU’s new General Data Protection Regulation (GDPR) requires that companies notify authorities of any breaches within 72 hours. In South Africa, the POPI Act brings its own mandatory requirements.
This increased time pressure means companies should have a crisis response and communication strategy in place before an incident occurs.
Such a response plan should include awareness exercises, mitigation strategies and even elements of risk communication strategies prior to such an incident.
In the event of a breach, stakeholders will ask what the company did to safeguard data and whether the “reasonable man” principle was applied.
Companies will need to be ready to show what they have done to prevent and mitigate the crisis, and will need to communicate in a transparent manner with all stakeholders.
International research and experience show that when there is an incident, crisis communication is key to reducing reputational damage. In order to mitigate the impact a cyber attack can have on a company’s reputation and operational ability, a cyber incident response and communication plan needs to be in place.
Companies therefore have to think “hard and deep” about what they will do to prevent such an incident and how they will communicate when one occurs. Not only should companies have the resources to put sufficient measures in place to protect stakeholders, but these measures should include training of staff, customer education programs and other relevant strategies.
These are the topics that will be covered at this one-day workshop on the 27th of March, designed to give your company a leading edge when it comes to such an event.
Maybe it will never happen, but right now statistics show that the likelihood of a Cyber Crisis for any organization is extremely high.
Will your reputation be good enough to carry such a crisis? Make sure you have an action and communication response plan.