Protect Your Brand in a Cyber Security Breach
As businesses constantly invent new ways of using digital tools to broaden their customer bases and work more efficiently, cyber attacks are also getting more sophisticated — and more common. Pareto Cyber, a Roger That client specializing in proactive cyber security solutions, reports that businesses are targeted by cyber attacks every 39 seconds. On average, a successful data breach costs a business $3.9 million.
The less quantifiable but often more persistent cost of a cyber attack is the hit to a company's brand reputation when word gets out. Stephanie Schlesinger of HawkPartners, a marketing strategy and research firm (and another Roger That client), says it all comes down to trust.
"Worst case scenario is that customers lose all trust with that company or brand. That's mission critical. If your customers can't trust you ... that's one of the most massive losses a company can experience," she says.
The good news is that when cyber attacks do happen, a brand can be remarkably resilient if it’s armed with a cyber security communication plan including preparation, quick response, and transparency.
How does a cyber security breach happen?
Chad Hayden, co-founder and chief strategy officer of Pareto Cyber, explains that data breaches are usually caused by vulnerabilities in access management, patching, and security awareness. He says phishing is the most common method attackers use to gain access to an organization’s environment. In a phishing scheme, an attacker contacts people in the organization under false pretenses – posing as a trusted vendor or authority figure, for instance – and tries to trick them into sharing information the attacker can use to get access to the organization's system.
What the attacker does once they've gained access to an organization's system depends on their motives, the size of the company, and the industry it's in.
For small- to mid-market organizations, Chad says attackers are usually financially motivated, so ransomware is the most common form of cyber attack. Ransomware is basically software that locks a company out of mission-critical systems or seals away sensitive information until the company pays a ransom to get it back.
Larger companies that handle a lot of consumer data, on the other hand, may be targeted by attackers who want to sell that data to other groups, who in turn target the company's customers with things like identity theft and credit card fraud.
While a brand can take collateral damage from any type of cyber security breach, sometimes the brand itself is the target. Attackers can use emerging deepfake technology to impersonate a company leader, spread disinformation, or create a scandal. Attackers may be attempting to harm the company's brand to make a social statement or to disrupt supply chains, for example.
The bottom line, Chad says, is that cyber attacks could happen to anyone.
"Every company's going to have a breach at some point. It's going to happen. But if you're able to limit the total number of systems or the total amount of data they can get access to, you're really lowering the overall blast radius for any event that occurs in your environment," he says.
Be prepared for anything
From a technical standpoint, there are many preventative measures a company can take to bolster its cyber security and protect its systems from a potential attack. Chad and his team share a ton of great information on the Pareto Cyber blog about cyber security tactics, building a secure IT infrastructure, and the importance of creating a culture of cyber hygiene.
From a reputation perspective, the best protection for your company's brand when a data breach happens is to have a solid foundation of authenticity with your customers. Authenticity and trust go hand-in-hand—if your customers believe you mean what you say, then you're starting from a much stronger place to win back their trust after it's shaken by a cyber security breach.
HawkPartners recently released its latest Brand Authenticity Index, which identifies characteristics that help a brand stand out as authentic in consumers' eyes. A few of those characteristics – explicitly moral, brutally honest, and unapologetically transparent – would clearly come in handy in the aftermath of a data breach.
"Make sure you're staying true to your brand's values through every step, regardless of the situation," Stephanie recommends. "If you are rooted in your values, that can always be your guiding light."
Stephanie recommends building out an agile crisis communication strategy that can adapt to fit all sorts of scenarios. Have your communications team work with your IT partners to understand all the possible ways a cyber attack could go down, and prepare responses accordingly. If you have a plan at the ready, you can react immediately and confidently when time is of the essence.
Chad adds that it's a great idea to practice your response to a data breach. Better yet, include your third-party technology and communication partners in those exercises. "It's just like anything else—the more you do it, the better you are at it," he says.
Respond quickly and with transparency
When a cyber security breach does happen, communicating with honesty and transparency is critical.
"Consumers are acutely aware of when brands are being honest and transparent," Stephanie says. "Communications teams dealing with something like this really need to take that to heart and not try to sugarcoat anything."
When communicating with customers or with the general public about a data breach, be transparent about what happened, what steps you're taking to remedy it, and what ramifications the breach may have for customers.
"Being a partner with the consumer and helping them navigate any issues that may arise is hugely beneficial in terms of re-establishing the trust relationship," Stephanie says.
Ideally, you want your customers to hear it from you first if there's been a data breach at your company that could impact them. That allows you to lead the conversation and take some control over the narrative. Cyber security incidents develop quickly—and you may not have all the information right away. That's where that preparation pays off. Even if your first communication is simply that you had a cyber security breach and you're investigating the extent of it, that says loud and clear that you have the situation under control.
Make authenticity your brand’s shield
At RogerThat, we believe that a strong brand is the foundation that lets our businesses withstand hard times. None of us can predict when something like a cyber security breach could happen, but we can do our best to be standing on solid ground if it does.
There's no time like the present to take a hard look at your brand, your website, and what kind of relationship you’re building with the customers who put their trust in you.