Jason Nurse, Associate Professor, Cyber, at the University of Kent, has disclosed that companies must display empathy to protect their brands whenever a breach occurs.
Nurse disclosed this on Tuesday, November 17, while speaking on “How to Protect Your Company Brand if a Breach Occurs” at the Sophos Evolve 2020 Cybersecurity Summit.
He said the reality is that businesses need to be prepared should the worst happen, both technically and in how to manage the fallout.
Nurse's extensive research suggests that companies still don’t know how to respond effectively to the public and the media when such an incident occurs.
On when a company should address a cybersecurity incident or data breach, the associate professor said it should be discussed as fast as possible.
In his keynote, he shared a practical playbook for effective communication after cybersecurity incidents.
The playbook read in part: “A major cybersecurity incident can represent a cyber crisis for an organisation, in particular because of the associated risk of substantial reputational damage.
As the likelihood of falling victim to a cyberattack has increased over time, so too has the need to understand exactly what is effective corporate communication after an attack, and how best to engage the concerns of customers, partners and other stakeholders.
On the morning of 23rd October 2015, the Chief Executive of TalkTalk, a major UK telecommunications provider, featured on BBC Radio Four’s Today Programme.
The organisation had just discovered a data breach and subsequently wanted to inform its customers. During the radio interview, however, she had to admit to not knowing whether the data lost was encrypted (Khomami, 2015a).
This apparent lack of knowledge resulted in criticism both in social (BBC Radio 4, 2015) and traditional media (Khomami, 2015b).
Other public statements trying to compare the organisation’s cybersecurity capability favourably against competitors and the application of early termination fees to those customers wishing to leave were similarly admonished (Cluley, 2015).
Days later, a UK House of Commons enquiry had been convened (BBC, 2015b) and the firm was subsequently fined £400,000 by the UK Information Commissioner’s Office (ICO) (ICO, 2016).
Although the enquiry and ICO investigation found significant deficiencies in TalkTalk’s cybersecurity, the organisation’s approach to public communications has also drawn criticism (Maddocks, 2015) and is likely to have made the situation worse.
Similar deficiencies in communication can also be witnessed more recently in other high-profile cases such as the Equifax breach in 2017, and the Travelex cyberattack in 2020.
Whilst it is a key task of cyber security professionals to prevent such attacks, no system is totally secure, so it is important that if a breach occurs organisations respond appropriately.
The way that businesses communicate to their customers and external stakeholders following a data breach can impact their share price and reputation to such an extent that they can be considered cyber crises (Wang and Park, 2017); these also have further implications for the business’ continuity and resilience.”