Of all the Crisis categories – natural disasters, human error, ethical lapses, product recalls – Cyber is growing the fastest, and exponentially. A report by the non-profit Identity Theft Resource Center shows that from 2014 to 2015:
- Breaches rose from 783 to 3,930
- Records exposed jumped from 85 million to 736 million
- Estimated financial losses from compromised records leaped from $400 million to $14.9 billion
The report recommends five security principles CEOs should take direct responsibility for. These include:
- Heightened employee “security IQ”
- Faster response time
- Managing employee-owned devices at work
- Protecting intellectual property
- Applying data analytics to everyday security operations
No longer is there any sympathy for a company whose data is hacked. The question is: why didn’t you prevent it? The cliché is rampant: There are only two kinds of organizations – those that have been hacked and know it, and those that have been hacked and don’t know it.
We recommend the following cyber-attack communications steps:
- Prepare: All crisis plans need to be audited for Cyber components. Crisis response drills and simulations to test organizational communications protocols must contain elements of a data breach.
- Monitor: Watch and learn from other data events.
- Team: A cross-functional team needs to be in place. For Cyber, the lead is often the CIO, CISO (Chief Information Security Officer) and IT staff. They need support from senior management, communications, HR, IR, business unit or program heads, and legal to expedite decision-making and ensure consistency of messaging.