Cyber security professionals and organisations are under significant pressure with a rapidly evolving threat landscape, increased threats from nation-state-sponsored actors, the offensive role AI can play in cyber-attacks and the increased availability of cyber exploit kits. Part of the challenge is that the everyday detection and prevention of cyber-attacks does not make headlines but does contribute significantly to the performance and resilience of customers and the global economy.
To address these challenges, cyber security companies need a best practice approach to major incidents.
Engage PR specialists to protect reputation and maintain trust
Public relations organisations specialise in managing communications to the media, stakeholders, and the public during a crisis. They are well placed to develop a crisis communications plan, working closely with cyber incident management experts, to ensure the cyber security organisation is prepared for a variety of eventualities. Management of communications across a wide range of channels further complicates the situation, with social media and other digital channels often voicing speculative views or even misinformation on the causes of an incident. Setting up a dedicated communication channel ensures there is a trusted source of information during the crisis. The speed and accuracy of communications during the incident are critical to maintaining trust and help to protect the organisation’s reputation.
As a proactive measure, PR specialists can highlight the positive contributions made by the cyber security organisation, demonstrating the number of attacks prevented and mitigated. More widely, as a profession, we do need to communicate the positive benefits cyber professionals and cyber tools bring to the global economy. Reliance on complex cyber security terminology and acronyms can confuse the messaging. There is a need to provide tailored messaging to different audiences such as the general public, senior executives, specialist press and news media.
Develop business models to include insurance and compensation
The increasing complexity of cyber defences does mean that incidents will occur, either through human error, the discovery of new vulnerabilities in software or a multitude of other factors. Cyber security organisations need to consider business models to give customers confidence that if the worst does happen, there is some form of recompense. Cyber insurance can cover the costs of business interruption, forensic investigations and costs of notifying parties impacted by a data breach. Offering cyber insurance gives customers the option to buy additional services beyond the standard product.
Alternative models could include service credits or free-usage periods to compensate for losses. These are, however, unlikely to provide enough recompense for a high impact outage. Inappropriate levels of compensation can result in further brand and reputational damage.