Cybersecurity Requires a Strategic Chief Communications Officer

Hackers steal way more than data, if you let them

We’re in the midst of a data explosion, which makes big data big business…and the bad guys want access to it. There are no surprises here; you’ve seen the headlines. Hackers are targeting businesses and individuals alike.

As CCOs, this makes our jobs more important than ever.

Even though I doubt you’re thinking a cyber breach won’t happen at your company, are you actively planning for one? If your company is breached, are you ready to respond? In the case of a natural disaster or product failure, we can look to well-established crisis communications guidelines for our response strategy. But a cyber crisis is different.

A major difference from a traditional crisis is timing. A cyber breach might infiltrate your systems for days, weeks, even months, before you find out about it. In fact, Verizon’s 2016 Data Breach Investigations Report says that in 93% of breaches, organizations take weeks or longer to discover an intrusion. And even then, it’s often customers or law enforcement who raise the flag, not a company’s own security measures. In some instances, companies identify the breach and know criminal activity is taking place, but they aren’t immediately sure of the total impact. It can be a confusing and frustrating situation.

The good news is a well-prepared CCO can make all the difference. We have the unique ability to partner cross-functionally and balance the needs of our c-suite peers with those of our internal and external audiences. We also understand how important real-time updates and authenticity are to maintaining trust throughout a crisis. Ultimately, we are masters at balancing our stakeholder demands for speed and transparency with the internal concerns of Legal, IT, and others, whose main goals are to protect the company and maintain business operations. Backed by a team of skilled communicators, we lead the charge in strategically positioning our companies to move past a crisis as quickly as possible.

We know the way a company responds to a cyber event significantly impacts the total cost of a breach. That’s why it takes PRACTICE to respond successfully. Even though we know our audiences and how to navigate our company’s internal politics, we have to plan. We have to drill with our emergency response teams. We have to discuss different scenarios and talk about our fundamental business principles. And just as we can’t do any of this in one day, we can’t do it alone. We need to partner with our peers within our companies and industries to share best practices, and reach out to our trusted agencies for counsel and support.

It takes strong collaboration because we are up against highly sophisticated adversaries who will stop at nothing to steal financial, customer, and employee data. Most of the time, its stolen data that hits the headlines — not physical money siphoned from company bank accounts. That’s partially why most leadership teams don’t fully understand the true costs associated with a breach. Sure, it’s easy to understand how data theft leads to expenses like notification costs and identity theft or credit monitoring services for impacted customers. Management might also anticipate regulatory fines, lawsuits and expenses to investigate and remediate the problem.

But there is something much more valuable at risk in a hack: TRUST.

Consumers expect organizations to earn their business. They want assurance their personal information is safe and secure; they value companies that invest in sustainable products and supply chains; they want to see organizations show care for their customers, employees and the welfare of humankind; they want to see their favorite brands standing for racial and gender equality. In other words, customers won’t accept irresponsibility in a breach situation. They will take their business elsewhere, and fast.

That’s why the CCO should bring together three topics for discussion — with both the executive leadership team and the emergency response team — to proactively plan for protecting the company’s brand during a cyber crisis.

First, be ready to talk about your learnings from leading reputation management and handling other crises over the years. While cyber is certainly unique, the fundamentals baked into crisis communications guidelines is absolutely helpful in getting others to understand your counsel.

Second, stand behind your company values. People often get wrapped up in details of the particular scenario being discussed. Bring the conversation back to what your brand stands for, what the world expects from you, and what you’ve promised the customer. It sounds simple, but in my experience, this “back to basics” conversation has resolved many highly spirited debates.

Third, study the communications strategies and results of other companies that have been breached. Be able to give your teams real-world examples of what worked and didn’t work. You can use another company’s situation and look at what their long-term brand impact was in order to give your teams clarity on what decision is best for you. Studying and learning from others’ mistakes — and wins — is simply smart.

When your organization is faced with a cyberattack, your c-suite peers will look to you for guidance on resolving the crisis. Through preparation, practice and collaboration across the executive leadership team, we will position our companies — and ourselves — for success.