Frequency, complexity and intensity of cyber-attacks have recorded a sharp increase.
Cybercrime is considered one of the top 5 corporate risks for a reason, according to the World Economic Forum in its "Global Risks Report 2019". This is clear for IT experts. But is this also true for the managing directors and board members? In other words: Is the top management, which is carrying the ultimate responsibility, prepared for cyber crises?
No sympathy for attacked companies
After a cyber incident, the greatest damage potential for organisations does not lie in the technical clean-up, but in an image threat. Hacked companies do not receive sympathy (anymore). All stakeholder groups now show a critical sensitivity to digital attacks. No matter whether end customer, supplier or authority, they all want to know from the affected company’s top management, what effects the cyber-attack will have on them. So the decisive factor for the damage minimization is, how an organization communicates such an incident.
Preventing Reputation Damage through Preparedness
We as consultants see an increasing awareness on the management level for reputational risk issues – and that's a good thing. For the company’s top management it is important to understand the implications of digital risk and to develop appropriate organisational and communication precautions. Once a data leak has been detected, the extent, duration and depth of the attack are far from clear. This ongoing uncertainty poses a great challenge for communications. In addition, unexpected developments or even media enquiries are to be expected, which will require a rapid evaluation and an appropriate reaction. To be able to (re-)act accordingly, a lean, coordinated and flexible crisis team is necessary, which coordinates with the top management. A consistent silence from the company would however mean long term reputation damage and scare off customers and other relevant stakeholders.