ctrl/shift: Business and Cybersecurity ... It’s About Protecting Your Reputation with All Stakeholders

Kevin Donahue   |     April 23, 2024

Editor’s Note: ctrl/shift is Falls & Co.’s video and blog series that provides perspective and insights to help business and civic leaders effectively manage emerging issues that have the potential to negatively impact their organizations, their people, and their communities.

In our digital age, a cyberattack isn't just a potential threat demanding an IT fix – it's a potential crisis that can shake customer confidence, tarnish your reputation by creating trust issues with your stakeholders, cost you big money, and harm your business long-term. Most companies have an IT security strategy in place to manage technology. But is it enough?

Imagine this: A hacker breaches your system, exposing sensitive data. As your IT team scrambles to contain the damage, stop the attack and put your servers back online, the crisis spirals. Customers are outraged, employees are in the dark, regulators are clamoring for answers and all stakeholders are rapidly losing confidence.

The costs are staggering. Cybersecurity Ventures predicts that global cybercrime costs will grow by 15% over the next year, reaching $10.5 trillion USD annually by 2025, representing the greatest transfer of economic wealth in world history. According to IBM’s Cost of a Data Breach 2023 Report, data breaches cost companies $4.45 million on average in 2023. That’s a 15% increase from 2020. And that's just the financial costs. The real damage? Loss of trust, negative publicity and damage to your organization’s brand.

It's not just about fixing tech, it’s about cybersecurity planning

Fixing the tech is critical – but that's just the first step. The real battle is protecting your reputation and rebuilding trust. This means communicating with all stakeholders quickly and appropriately. There are steps you can take to start building a cybersecurity strategy and protect your organization’s reputation before a cyberattack happens.

1. Know if the new SEC cybersecurity rules apply to your organization. In July 2023, the SEC announced that public companies must disclose material cyber incidents within four days. They must also provide detailed governance information annually.
2. Know how to effectively communicate the breach details and impacts to customers, employees, retirees and all impacted stakeholders. To be successful, these communications need to start as soon as possible once you have credible information and guidance on next steps for those impacted. What will you say and how are you prepared to help those impacted to restore confidence and avoid compliance penalties in all the jurisdictions where you do business?
3. Understand the varying reporting requirements and regulatory demands by state, region, and country.
4. Know how well your organization will respond to the cyberattack before it happens. Test your ability to not only navigate the IT challenges, but the reputational risks that can have a long-term impact on your company.

It’s about crisis preparedness and reputation management

Cybersecurity isn't just an IT problem – it's a multidimensional crisis that demands a comprehensive approach covering communications, compliance and more. To effectively manage a cyberattack, you must prepare your organization ahead of time to bring your Crisis Management Team (CMT) together early on, engage leadership and make good decisions quickly.  Here are a few questions to help determine if your organization is prepared to protect your reputation, stakeholder relationships and your business in the wake of a cyberattack:

1. Does your cybersecurity plan lead to an overarching crisis management plan that not only engages your IT team, cyber security forensic experts, and legal counsel, but also your leadership team, HR, risk managers and communications team (and others)?
2. Do you have a customized roadmap to help guide your response, from regulatory disclosure support to message templates and stakeholder mapping?
3. Have you pressure-tested your full cybersecurity response protocols, including crisis communications, to ensure you’re prepared to fully and effectively respond in the event of a cyberattack? 

If the answer to any of these questions is no – or you’re not sure – now is the time to act, because in today’s world, it’s not a question of if a cyberattack will occur, it’s a question of when.

At Falls & Co., we offer diagnostic cybersecurity tabletop exercises to pressure-test your team's readiness with interactive scenarios tailored to your business. This proprietary strategy helps identify any gaps in your organization’s structure and protocols. We also provide rapid response crisis communications support, working in partnership with your IT, legal and compliance teams.

Contact us to learn more.

Watch more ctrl/shift videos:
•    Navigating the Rapidly Evolving AI Landscape
•    New Video Series ‘ctrl/shift’
If you have a topic or idea that you'd like us to address in future ctrl/shift videos, please let us know by completing the form below.

---