According to PwC’s 2017 Global CEO Survey, cyberthreats have become a major focus of C-suite management, with almost two in three CEOs rating it among their top five concerns.
Recent cyberattacks including WannaCry and Petya disrupted or halted operations at companies ranging from Mondelez, Merck, and Maersk to WPP.
IBM and Ponemon’s annual Cost of a Data Breach Study says one in four companies will suffer a databreach this year. Whether it is state-sponsored espionage or terrorism, hacktivist social justice advocacy, or criminal data-theft and ransomware, all companies, institutions, and governments must plan accordingly.
Communicators should lead in advising C-suite colleagues, clients, and boards about how to prepare for and manage cybersecurity issues.
This work encompasses actions that prevent hacking and breaches; developing tools and rehearsing rapid-response plans to assist with business continuity; managing reputation, including misinformation, negative news coverage, and social media criticism; and restoring trust, confidence, and reputation.
Cybersecurity is a shared priority across executive management, not the sole responsibility of the chief technology officer. Strong strategic preparation and response require a dedicated team of leaders from IT, business operations, finance and investor relations, HR, legal and compliance, and, especially, communications – working closely as equal players.
Communications must be a strategic partner on this team in helping develop detailed plans and solutions for cyberattacks, rather than just a tactical service to create messages, distribute information, and respond to media enquiries.
Chief communications officers and their agency advisers can work with HR and IT to develop training and comms programs that create internal cultures of cybersafety, where employees clearly know the do’s and don’ts of working with company computers, networks, and proprietary data.
They can also help to maintain business continuity and vital communication when cyberattacks shut down company networks and operations. This includes establishing alternative outside comms channels such as individual Gmail accounts, and using company Twitter, Facebook, LinkedIn, and Medium pages to share facts and status updates with employees and important customers, investors, media, and influencers.
Initiate mock cyberattacks, rehearse roles and planned actions, test comms channels and key messages, and refine approaches based on what is learned.
Most importantly, comms professionals must lead in helping companies and colleagues respond quickly to cyberattacks and frequently share status, impact, and expectations of resumption of normal operations.
When company leaders don’t respond quickly, they unwillingly create a chaotic information vacuum that perpetuates harmful rumors and confusion. Facts always matter and speed is everything.
Post-attack, share facts about how it impacted business and customers, how issues were resolved, and how company actions strengthened its cybersecurity capabilities.
Strategic communications planning, internal collaboration, and rapid, fact-based storytelling are highly effective in helping companies and senior leaders manage today’s inevitable cyberattacks and restore reputation and improve trust.