Data breach: where reputation is won or lost

The issues of data breach and cyber security have rarely been off the news agenda in recent weeks, writes Tim Luckett of H+K Strategies.

Cyber security needs to be brought into the boardroom fast, writes Tim Luckett
Cyber security needs to be brought into the boardroom fast, writes Tim Luckett
From the Talk Talk breach – its third this year – to the "internal problem" M&S experienced last week, the issue undoubtedly qualifies as headline news. And the ramifications are severe. 

The financial cost of data breach is significant with large companies facing an annual bill in excess of £2m. 

Legal changes rolling out from 2016 are set to hit companies where it hurts, with fines for data breach increased from the current limit of half a million pounds to somewhere between two and five per cent of annual turnover. 

But the most crucial element of upcoming EU legislation, from a reputational perspective, is that companies will have to report breaches and proactively publicise those breaches to affected consumers. 

That will inevitably result in some businesses having to release information before they even have the full picture themselves.

When a hack or breach happens, the ramifications reach right to the top, as the former CEO of Ashley Madison quickly discovered. 

The comms, operational and legal responses to data breaches must go hand-in-hand and careful planning is key to mitigating reputational damage, enabling CEOs to respond quickly and appropriately when an attack happens. 

The public will scrutinise how a company handled the breach, just as much as the fact it occurred in the first place. 

Moreover, senior executives need to educate employees on data management and security. However diligent companies are in building IT defences, this could all be for nothing if employees or third-party contractors aren’t trained on what’s needed of them. 

Something as simple as sharing a password, sending confidential work to personal emails or using the same log-in details across different accounts can open up a world of possibilities for a hacker. 

A major problem businesses face is a lack of operational awareness of these issues at senior level and breaches often magnify other challenges facing a company, such as failed investments, weak leadership and outdated infrastructure. 

Cyber security is no longer an IT issue. It needs to be brought into the boardroom, and fast. 

Preparing for and mitigating against data breach should be a core part of the company’s business strategies for all companies.    

With some industry experts predicting that 2016 will see the first corporate bankruptcy as a result of a cyber-attack, businesses need to act now to properly protect their organisations and their reputations.
Tim Luckett is the global chair for issues, crisis and reputation management at H+K Strategies

Would you like to post a comment?

Please Sign in or register.