Companies operating in the Asia Pacific region know that strong cybersecurity protection is vital in a region and at a time, when attacks are escalating. Data released by Singapore’s Cyber Security Agency (CSA) provides evidence that cyber threats not only increased in 2019 compared to 2018, but accelerated significantly during the early days of the COVID-19 pandemic in 2020.
Smart business leaders today must be aware that the effects of a cyber attack will be significant across all areas of their operations and all geographies. To add to the challenge, with cybersecurity laws varying from country to country, companies with regional or global operations must adopt policies that protect customers and are compliant with each country’s regulatory developments. Financial losses, operational downtime and reputation hits are all consequences of a breach that can cause potentially irreparable damage to brands.
Research of security leaders in the region indicates that the costs of a breach are higher in the Asia Pacific than in other parts of the world, with a higher percentage of organisations experiencing more than 24 hours downtime and paying more money after a breach. While this can be devastating to a business, changing customer perception after a breach can prove much more difficult in this digital age. Global research suggests that customer loyalty suffers after a cybersecurity incident as customers lose trust in brands that fail to protect their personal information.
Protecting Brand Reputation Before a Cyber Attack
As with any crisis, planning needs to start long before any incident and while we all like to think it will never happen to us, no company is ever going to be immune – so “anticipate the worst and prepare” is the best policy. Human error and malicious insiders are the most significant threats and then, as recent studies show, even knowing what is the right behaviour, employees put data at risk for the sake of convenience or productivity.
The Covid situation and the massive shift to remote working has put already stressed IT departments under increasing pressure to identify network vulnerabilities. Smart operators are proactively educating employees about cyber threats; investing in new technology solutions to secure and better manage authorized access to it and implementing rapid response initiatives to shorten threat detection and response times.
So while all these in-house technology and workflow processes initiatives are being put in place, communications is the next most important part of the crisis management plan. Customers and partners are probably willing to concede that cyber attacks will and do happen; the recent hacking into several global billionaire’s Twitter accounts is proof of that, but they do want to know that your organisation took every possible measure to manage the risk and be responsible.
Crisis Communications is all about building and accumulating credibility and goodwill in advance of any crisis so that if and when anything happens, there is traction with the most important publics of any organisation. Plans need to identify (and train) the spokespeople; build and test out the cascade mechanisms to get information out to people when usual communications channels may be disabled or compromised and of course, how to mange the flurry of queries coming from the media when customers are all baying for blood.
Communications Tips for Your Organisation’s Cybersecurity Approach
Prepare and publish your company’s cybersecurity policy which spells out in detail the behaviour and action items expected from all stakeholders within the organisation and the supporting systems.
Announce your organization’s support for, or alignment with, new cybersecurity laws passed in the region. Raising awareness of the efforts being made locally to protect customers is important in raising overall confidence in the evolving ecommerce space.
Collaborate with partners, providers and other third parties on case studies that emphasize the attention paid to cybersecurity in every business process. As the saying goes, you are only as good as the company you keep.
Participate in local and regional awareness initiatives, and industry-wide efforts to enhance cybersecurity (e.g. virtual events and webinars). This helps to highlight industry experts within your organization, and allows communicators to expand on the issues that support your brand’s message.
Share and amplify “best practice” information to educate partners and other relevant stakeholders. All stakeholders involved have a role to play in reducing cyber crime. A great way for companies to do this is by helping to disseminate useful, relevant information about ways to reduce security breaches.
Be transparent about efforts to protect customer data, and quickly disclose when breaches occur. This is vital in maintaining the trust of your customers and reducing the response time when a company is hacked.
Draft a media statement for immediate distribution in the eventuality of any data security breach. This may be a very short acknowledgment of the issue to demonstrate that your organisation has taken control from the outset. Updates can be prepared as the impact becomes apparent.
When a security breach does occur, these simple steps will demonstrate that the company was committed, proactive and transparent about cybersecurity practices. Most importantly, they will help instill confidence in consumers that steps to protect personal information were taken to the best ability of the organisation which is possibly the most anyone can ask.
Contact us to prepare a Cybersecurity Communications Plan for your organisation and learn more about how your organization can make this challenge into a reputation-building opportunity.