In February of this year, the 20th annual PWC CEO Survey revealed that 91% of New Zealand’s CEO’s are concerned about cyber-attacks, compared with only 61% globally. In May the validity of these fears was confirmed, with the unprecedented global reach of the WannaCry attacks, which hit companies of all sizes in both the public and private sector in 150 countries. While the immediate price of a cyber-attack is the compromising of technology, the real cost is much higher, with the reputation of the organisation taking a hit. Long after the technical consequences of a cyber-attack have subsided, reputational damage remains.
It was ransomware making the news this month, but it could be anything from data breaches to phishing scandals next. Cyber-attacks are hard to explain and even harder to trace, so blame for the breach tends to be laid on the organisation that was attacked, for a perceived lack of security.
No organisation is immune to cyber-attacks, but they can be handled with reputation management. We need to look at cyber-attacks as a people issue, not a tech issue.
The most important step in securing your reputation against the effects of a cyber-attack is crisis communications planning. A clear plan of action, including messaging, will allow your organisation to front-foot the issue and be proactive rather than reactive. To properly carry out the crisis communications planning, every person in the organisation needs to be in board with the plan. However, having one spokesperson communicating on the issue is key for clarity and continuity of messaging.
Finally, transparency is crucial. Being open with your audience, be it customers or stakeholders, will serve to repair damage done to trust. It may take time to fully understand the implications of an attack, but even the ability to honestly communicate that you don’t know what’s going on will help keep those affected feeling up to date.
Trish Sherson is Sherson Willis’ Strategy Director, and specialises in reputation management.