Contact Us

Continuity Insights Management Conference

Cyber-Crises Are Never “Just an IT Problem”

Continuity Insights

CyberDisaster RecoveryEnterprise Risk Management

By Tony Jaques PhD:

Online data failures and ransomware attacks are emerging as a leading deadly threat to reputation – yet some organizations still seem to be treating them mainly as IT problems.

While cyber-crises are nothing new, experts say they are increasing in frequency and scale. Consider the ransomware attack on Colonial Pipeline which shut down fuel supplies across the East Coast of America, and the attack on JBS Meats which disrupted 47 facilities in Canada, USA and Australia.

Or the global impact of system failures in June at US-based cloud network providers Akamai and Fastly which shut down thousands of companies across the world.

Russian-linked hackers were reportedly paid $4.4 million by Colonial and $11 million by JBS. But for every ransomware case that makes the headlines, many small, or medium sized companies prefer to keep their crises under wraps. Indeed, internet security experts Kaspersky have reported that more than half pay their hackers.

There is a good financial reason to comply. In a notorious case in 2018, the City of Atlanta declined to pay a ransom of about $50,000. Instead, their recovery efforts cost more than $2 million on crisis PR, digital forensics and consultants. And in Australia, cyber-security incidents overall cost businesses an estimated $29 billion every year.

However, the reputational risk is also high. Despite regulators and law enforcement urging transparent reporting of cyber-crime, organizations fear the possible impact of cyber-shaming on share value and brand trust. And they know a breach resulting in loss of consumer personal data can trigger a multi-million-dollar class-action lawsuit.

So why are cyber-crises so damaging to reputation?

  1. They are so visible. Although some organizations try to hide or minimize data failures and ransomware attacks, social media in particular has made it increasingly difficult to avoid scrutiny.
  2. So many people are affected. Inter-connectedness of modern business means some cyber-crises directly affect millions or even tens of millions. For example, when bank or supermarket systems go down and people can’t access their own money or pay bills or buy groceries, the impact is immediate and widespread.
  3. They are such an easy headline. Cyber-crises are natural fodder for critical headlines and brand shaming, even though some of the world’s biggest news organizations were themselves brought down by the Fastly failure.
  4. They are perceived as preventable. Regardless of the technical cause, and whether or not foreign agents are responsible, the reality is that – rightly or wrongly – it’s the big brands and household names which get blamed for failure to prevent the problem.

Too often organizations fall back on default messages such as “It was outside our control” or “We were just one of many companies involved” or “We regret any inconvenience.” These may seem tactically smart but reflect little appreciation of the reputational damage involved. Look no further than the Commonwealth Bank, which attempted that approach but could not escape reputation-sapping headlines last month which highlighted their customers had suffered three system outages in just three weeks.

The challenge for issue and crisis managers is that customers often see cyber-crises simply as a failure of service. They will more likely blame their own supplier, not a previously unknown cloud-based operator on the other side of the world, or some anonymous Russian and Chinese hackers.

Moreover, judgement can be harsh. For example, one pre-pandemic survey across the USA and Europe found three-quarters of consumers would stop engaging with a brand online following a breach, and half would not sign up for an online service that had recently been breached.

As Deb Hileman, CEO of the Institute for Crisis Management, recently asked: “Is your business at risk for a Cyber Armageddon? Yes. What are you doing about it?”

A Parting Thought
“Whether we like it or not, data security risks have entered the reputation management and crisis communications field.” Philippe Borremans

Learn more about Reputation Risk in Tony Jaques’ new book, Crisis Counsel: Navigating Legal and Communication Conflict.

About the Author: Tony Jaques PhD, Director of Issue Outcomes Pty Ltd, for people who work in issue and crisis management, is the author of Crisis Counsel: Navigating Legal and Communication Conflict.

CLICK HERE TO DOWNLOAD A FREE CHAPTER VIA ROTHSTEIN PUBLISHING.

LinkedInFlipboardPinterestRedditSMSWhatsApp

New Webinar: Enterprise Resiliency During a Severe Weather Crisis

Capability-Building: Getting Learning Programs Right

Continuity Insights

Similar Articles

Building a Crisis Communications Team

By Jennifer March, Vanguard – Warren Buffett once famously said, “It takes 20 years to build a reputation and five minutes to ruin it.” A crisis communications team, as part …

AI Apocalypse

Which States Would Fare Best In An AI Apocalypse?

Confuse The Machine used advanced AI analytics to determine which U.S. states are best equipped to withstand a hypothetical AI tech uprising.

Free Chapter: No Successful Crisis Response Begins on the Day of the Crisis

Now, more than ever, today’s executive needs to be prepared to take quick action to annihilate crises before they happen. Executing Crisis: A C-Suite Leadership Survival Guide is made for …

Leave a Comment

Address

Group C Media, Inc.
The Galleria, 2 Bridge Avenue, Suite 231
Red Bank, NJ 07701

Contact

800.524.0337

info@groupc.com

Newsletter

Read the latest news and information for business continuity professionals. Get information on new products and services from manufacturers and service providers to the industry. Learn More.

© 2024 Continuity Insights

About Contact Privacy Policy Terms of Use Advisory Board Advertise
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly