“Cyber Insecurity” and Reputation

Ken Makovsky

“Cyber Insecurity” and Reputation

It’s November, and 2017 has just been proclaimed “yet another ‘worst year ever’ for data breaches.” In the first six months of this year, hackers exposed more than six billion records, greater than the number of records compromised in the entire 12 months of 2016. And the number of incidents involving theft of at least 1 million records has more than doubled.

It’s no wonder, then, that increasing numbers of us feel that our personal information is under siege. In a recent Pew survey, a majority (64%) of U.S. citizens said they have personally experienced a major data breach. Roughly half (49%) perceive their information to be less secure than it was five years ago. Study after study affirms the loss of trust in institutions due to handling of data breaches. And this means loss of reputation.

To say the obvious, just as private individuals can be profoundly affected by a data breach, so can companies. However, crisis management in this area has been spotty, according to various sources from tech providers to the Harvard Business Review (which published an excellent article this year on cyber crisis planning that I recommend).

However, I am happy to see that REPUTATION has finally been recognized around the world by companies as a potential existential risk in a breach incident that needs to be planned for and managed with gravitas alongside three other categories of risk: financial, legal, and regulatory. This is according to a global survey commissioned by Kroll, on the state of managing cyber risks.

I believe that of the four major risks, reputation may be the most challenging. That’s because reputation takes a beating at the very early stages of cyber crisis response, around disclosure.  If an organization doesn’t have its ducks in a row with planning, it is likely heading for a disaster. Such was the recent case with Equifax, a leading credit-monitoring company.

As widely reported, the Equifax breach exposed personal information of 145.5 million consumers in the U.S. and abroad. Within a few days of disclosure, the company experienced a 40% drop in stock value. Consumers were upset because they couldn’t get through via phones or the website to sign up for a credit freeze. The CEO resigned, and then other senior executives departed. The company took a one-time third-quarter charge of $87.5 million for legal costs, cyber forensic investigations, and free credit-monitoring services. And it described how it would try to stanch the flow of fleeing customers.

And that wasn’t all of it.

Clearly, the fact that data breaches can do great harm to a company’s reputation shouldn’t come as a surprise to businesses anymore. So, get ready. Hopefully, these situations will motivate companies to establish a cohesive  strategic plan that addresses potential cyber crisis scenarios, combined with technology and resources that help protect the company and its stakeholders.