Have you been hacked? The importance of a cyber crisis communications plan
CYBER SECURITY HAS BECOME ONE OF THE HOTTEST TOPICS IN AND OUT OF THE TECHNOLOGY SECTOR. THIS OCTOBER, FOR CYBER SECURITY AWARENESS MONTH, IT IS TIMELY THAT WE LOOK AT THE STATE OF PLAY REGARDING THE INCREASE IN SOPHISTICATED CYBER THREATS AND THE IMPORTANCE OF A COMMUNICATIONS RESPONSE IN A CRISIS.
With the expansion of the digital landscape due to the pandemic and the fallout of high-profile events such as the crash of the New Zealand stock exchange and the Optus customer data breach, there is an endless news cycle that is almost always negative, dedicated to stirring up concerns with the cyber world.
Crises can no longer be seen as one-off events or unfortunate moments in time as cyber security threats continue to change and rapidly increase in frequency. The question is no longer if but when due to the rising number of cyber-attacks, and this aligns with the importance of cyber crisis communications plan.
In the 2020-21 financial year, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports. An increase of nearly 13 per cent from the previous year. This change is due to the rise in reporting of attacks made by cyber criminals globally and the high-profile nature of the impact of the attacks on the victims.
The Australian government will also review new cyber security reforms off the back of recent attacks that are expected to look at the Privacy Act and the infrastructure that will allow customers and financial institutions to be more swiftly informed when a data breach occurs to halt personal data being used across accounts.
Any cyber attacks can become a pivotal communications issue for a brand if not managed and communicated effectively to the various internal and external audiences. This means being prepared for a breach long before it occurs. WE Communications Brands In Motion study found that 73 per cent of people said they would stop using a product or service if they found out that a brand was using consumer data in unethical ways.
With this in mind and the increase in news and social conversation around a data breach, brands need to aim for the shortest news cycle possible and provide neutral statements promptly to keep relevant parties stay informed. If a brand’s cyber news cycle lasts 30 days, that month can be seen as a long time for your customers, vendors, shareholders, partners, and employees to absorb any negative headlines.
Good communication brings understanding, fosters compassion, and shows people a new way forward. At WE Communications, our framework to address issues and crisis management is built on three pillars of proactive crisis preparedness in developing a cyber crisis communications plan.
Reputation: Proactively building your reputation, at the same time as we’re protecting it, will create a halo of goodwill and credibility with stakeholders. It puts us in a position to intervene early, to mitigate and manage issues before they become problematic.
Resilience: We create reputational resilience by learning from past experiences to improve how we respond in the future. This includes ensuring the plans are in place before any issues arise, identifying whom the brand will need to engage, and what areas may need attention.
Response: Above all else when an issue does break, do not leave a void for others to fill – perception or misinformation can become reality very quickly. Brands have to communicate transparently, regularly, and with clarity. It is important to own the narrative consistently through stakeholder management, media, and public education – but balancing what can and cannot be shared publicly (often for legal reasons) is part art and part science.
Cyber crisis communications plans are not one-size-fits-all, nor should they be. We must work together to ensure we are prepared for and respond to a cyber security incident before, during and after the event has occurred.
For more information about Cyber Security Awareness Month, please see the ACSC website for helpful resources on the 2022 theme ‘Have you been hacked?’ here.
To learn more about our crisis and issues management, don't hesitate to get in touch with WE Communications at [email protected]