vectorfusionart - stock.adobe.co
Cyber crisis? How good PR can save your brand
Cyber attacks and data breaches can happen to anybody and often bring reputational damage and a loss of customer trust. How organisations publicly respond to such incidents can make or break them, and the importance of a good PR strategy cannot be underestimated
In today's business environment, cyber security threats are a constant and evolving challenge. From ransomware and phishing attacks to data breaches and advanced persistent threats (APTs), the digital landscape is plagued by risks that can severely disrupt operations and damage reputations.
Companies are no longer just fighting off isolated hackers tinkering away in their parents' basements; they are up against organised cyber criminal groups for whom disrupting businesses is just another day at the office.
Now, imagine your company's firewall gets breached. Suddenly, sensitive data is flying out the door faster than you can say “customer trust”, which, by the way, is plummeting. And your brand reputation? Hanging by a thread. Given this reality, the importance of a well-defined PR communication plan cannot be overstated. In this article, we will outline the key cyber security threats facing businesses today and emphasise the critical role of PR in responding to these incidents.
Demystifying cyber attacks
Understanding the various types of security incidents businesses face is critical for crafting effective responses. Let's explore five of the most common cyber threats encountered today.
- Data breaches
Where sensitive information like customer details or trade secrets get exposed. It's a trust-killer for businesses because customers and partners feel betrayed, plus the legal fallout can be hefty. - Ransomware attacks
Simply put, ransomware attacks are when someone locks up your computer files and demands money for you to regain access to them. These attacks can cripple businesses and individuals by preventing access to crucial files or systems until the ransom is paid or alternative solutions are found. - Denial-of-service attacks
Attackers flood the target with a huge amount of traffic or requests, overwhelming its capacity to respond to legitimate users. This results in the website or network becoming slow, unreliable, or completely unavailable to users trying to access it. - Phishing attacks
Where attackers trick employees or customers into giving up confidential info. It undermines trust and can lead to financial losses if sensitive data falls into the wrong hands. - Insider threats
This is the digital version of a Trojan horse scenario, where someone with inside access misuses it. It's not just about data theft but also the breach of trust with your team and customers, which can be catastrophic to recover from.
The importance of a predefined crisis communication plan
Be upfront, be fast. A proactive and transparent approach to communication is the key to keeping customers on your side when phishing scams or data breaches come knocking.
A predefined crisis communication plan serves as a roadmap for how an organisation will communicate with stakeholders, media, and the public during a security crisis. It ensures clarity, consistency, and timeliness in messaging, which is critical in mitigating negative impacts and maintaining trust. Here are the key elements that should be included in such a plan:
- Designated spokesperson
This is your go-to person, trained up and ready to go in crisis comms. They're not just delivering messages; they're the face of your organisation during tough times. Think authority, empathy, and that reassuring character that says, "We've got this covered.” - Communication channels
You've got to be everywhere at once these days! From classic press releases that lay out your stance to social media where you can respond to questions in real-time, and of course, your company website acting as the nerve centre for all things crisis-related. These channels ensure you're spreading accurate info like wildfire, squashing rumours, and showing everyone you've got this under control — or at least that you’re working to take it back. - Escalation procedures
Don't wing it! Clear escalation procedures act like a roadmap, showing exactly when and how to step up your crisis communication. This means knowing when to crank up the messaging volume or frequency, bring in extra firepower (experts and stakeholders), and adjust your approach as things unfold.
Read more about incident response
- What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership?
- The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence.
- Organisations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response.
Responding during the crisis
A cyberattack can unleash a wave of confusion and uncertainty. However, clear and consistent communication can be your life raft, keeping stakeholders informed and building trust during this critical time. Let's delve into three key strategies for weathering the storm, drawing valuable lessons from real-world case studies.
- Act quickly
A cyberattack can unleash a wave of panic and scrutiny. In 2017, Equifax, a major credit bureau in the United States, experienced a massive data breach, exposing the sensitive personal information of millions of Americans, including Social Security numbers, birth dates, and addresses. Equifax didn't exactly jump at the chance to tell everyone. Weeks went by before it finally acknowledged the breach, leaving everyone in the dark. This fuelled public anxiety and left consumers feeling like their personal information wasn't adequately protected. As you can expect, the public backlash was immense. Regulatory bodies responded with hefty fines for Equifax's failure to safeguard consumer data. Ultimately, the company's reputation was tarnished. - Be transparent
Equifax can learn from Norsk Hydro's experience during its ransomware attack in 2019. The aluminium industry giant didn't go dark; instead, it issued a clear and concise statement immediately acknowledging the cyber attack. As a result, the media praised its honesty, customers remained loyal, and their local community rallied around it. Moreover, the organisation used the incident as an opportunity to enhance its cyber security measures for the long haul. - Focus on user impact
Uber's 2016 data breach stands as a cautionary tale for any company handling sensitive user information. Back in 2016, hackers snagged the personal info of a whopping 57 million users and drivers. Instead of disclosing the breach promptly, Uber attempted to cover it up by paying the hackers. By downplaying the seriousness of the situation and focusing on money over people, Uber forgot about the users it put at risk. While Uber has recovered financially, it took time to rebuild trust with users. The data breach served as a wake-up call for the company, forcing it to prioritise data security and user privacy.
The bottom line
In today’s fast-paced digital landscape, cyber threats can hit your business hard. Whether it’s a data breach, ransomware attack, or phishing scheme, the fallout isn’t just about lost data; it’s about lost trust and a bruised reputation. That’s why having a solid PR strategy is absolutely crucial. By being upfront, quick on your feet, and keeping your stakeholders well in the loop, you can navigate these challenges.
Ed Coram-James is CEO at Go Up, a London- and LA-based search marketing and SEO consultancy with clients including major brands such as Hackett and John Lewis.
