Cyber Risks and Reputation: Guidelines for managing them

 

Security threats related to information technologies (IT), which focus on data transfer, processing, and storage, are among the top risks threatening the development of companies and institutions.

In its “Report on Global Risks 2020,” the International Monetary Fund names cyberattacks on infrastructure and for the purposes of data theft, fraud, and financial theft as one of the ten risks most expected to increase, according to the experts consulted. It also points to the loss of privacy tied to technology as being among the risks that are increasingly concerning young people.

The facts confirm this outlook. Cybersecurity company Fortinet recorded as many as 41 billion cyberattack attempts against just Latin American companies in 2020. The first year of the COVID-19 pandemic was also a year of exponential increase in telecommunications usage across all social areas due to the global lockdowns. According to Verizon’s “Data Breach Investigation Report,” events that compromised the integrity, confidentiality, and availability of information assets grew by 55.7% in 2020.

It is clear that cyber risks represent a threat to activity and business continuity. They not only cause a potential loss of economic and financial assets, but also pose a serious threat to the  share and relational capital (license to operate, reputation, brand, recommendation, etc.) of any entity.

Risk consultancy firm AON explains this in its “Study on Cybersecurity and Management of Cyber Risks in Spain” as follows: “If an organization is attacked or suffers a cybersecurity incident and the cause can clearly be shown to be a lack of security measures, this translates into a lack of confidence” – or reputational damage – “that affects goodwill, commercial image, and potential to generate business.”

In fact, reputational cyber risks are also a growing concern for communication professionals. The “European Communication Monitor 2020” found that around 45% of them say they have managed a cyberattack crisis in their company. However, shown by this study, “only a minority are involved in helping build resilience” to these threats. Specifically, just 25.3% have worked to educate employees on preventing cyberattacks, less than 20% have developed specific protocols to manage these incidents, and fewer still (18%) have implemented specific cybersecurity technologies.

As can be seen, there remains a great deal to be developed on reputation crisis prevention and preparation in the area of cyberthreats. This guide aims to share some concepts, strategies, and simple processes to protect stakeholder opinions regarding organizational conduct in response to these incidents.

DOWNLOAD

Authors

Iván Pino
Daniel Fernández Trejo