Countering data breaches now features high on the agenda in board room meetings, and there is growing desire on the part of forward-thinking leaders to improve capabilities in this important aspect of management and strategy. It was no surprise to see it feature prominently on the agenda at Davos earlier this month.
One challenge from a communications perspective is that the phrase “cyber-attack” has become a media buzz word for data-breaches, ubiquitously applied to describe a whole host of different scenarios that have varying degrees of severity and impact.
At one end of the scale are sophisticated, malicious hackers – professional criminals, corporate spies or, as we have seen recently, foreign government agencies. However, many cyber-attacks are not so sophisticated. At the other end of the scale exist the ‘script kiddie’ hackers using existing computer codes to take advantage of out-dated IT-security; or disgruntled employees stealing company data on a USB data-stick for sabotage or ransom. Further, data breaches can be the result of human error – laptops left on trains, confidential documents left on desks overnight or unlocked USB portals.
A nuanced understanding of a data-breach is often lost when the generic term “cyber-attack” hits the media headlines, causing the financial and reputational damage to be disproportionate to the true nature of the breach.
An ability to establish the facts, to respond quickly and place any data breach in its proper context is vital to establishing a counter narrative, informing stakeholders and managing the fallout.
As with any crisis scenario, it comes down to preparation and a seamless legal, business and communications response.