Communications is a crucial aspect of crisis management after a cyber attack

07 June 2019 Consultancy.co.za

A carefully devised communication strategy is crucial to damage control following a cyber attack, according to Partner and Head of Brunswick South Africa’s Johannesburg office Marin Bidoli. Failure to manage communications in such a scenario only compounds the damage, she said at the ITWeb Security Summit 2019. 

The digitalisation of business practices across the globe has brought growth and efficiency on the one hand, while generating significant new vulnerabilities on the other. Business that handle personal and financial data have come under a barrage of cyber attacks in recent years.

The Equifax scandal in the US is the prime example of such an attack, wherein sensitive data relating to nearly 150 million people across the world was compromised after the credit rating company’s systems were hacked into. Equifax suffered major loses as a result, as do most firms that undergo such an attack.

According to Bidoli, these loses can be cut by a substantial degree if the communications in the immediate aftermath of such an attack are handled proficiently. Bidoli works at Brunswick South Africa in Johannesburg, a firm that has been supporting South African clients with public relations for more than two decades.

Marina Bidoli, Partner at Brunswick

Most organisations are investing in cybersecurity mechanisms. Bidoli recommends an additional investment of time and resources in devising a communications strategy in the case of a potential attack of this nature, given that the reputational damage caused by such an attack can have adverse long-term consequences. 

“The victims will quite rightly hold you (IT security and top leadership) responsible. It becomes a case of, ‘You should have seen this coming; you should have been better prepared; I trusted you with my information; why did you not protect me?” said Bidoli at the security summit.

Bidoli used the Equifax example to illustrate the consequences of poor communications. According to her, Equifax’s press release following the breach was inadequate in the information it offered about the details of the attack. Transparency is essential to gaining and maintaining trust.

“Prepare for the hack – create cyber playbooks and toolkits, do simulations and media coaching for your spokespeople. Once you are hit, don’t panic. You have prepared. Bring in the experts to help you respond effectively. Have a statement on your website and annual report. Show that you have thought about cyber risk. This will help build trust with your most important stakeholders early on,” she said.