An organization’s reputation is a form of social currency. It is a binding force by which stakeholders form trust and often drives consumer decision making. This is particularly true in cybersecurity attacks, as new tactics to leverage company reputations as collateral damage during such events are on the rise.

According to the IBM Cyber Resilient Organization Report, 51 per cent of organizations reported a significant business disruption during the past two years. Researchers have suggested that most recently this increase may be due to increased risks associated with COVID-19, including remote working vulnerabilities and targeted phishing campaigns, among others.

Unlike the cybersecurity attacks we’ve seen in the past, many hacking groups are switching up the way they do business, and the impacts of these sophisticated intrusions and the commodification of corporate reputations, can have real and devastating consequences. These types of incidents not only present the obvious IT infrastructure disruptions, but also make it increasingly difficult for organizations to maintain control of the narrative and deliver timely and transparent updates to their stakeholders.

In 2020, we have seen a rise in highly aggressive tactics by hacker groups to manipulate victims into compliance. For example, we are aware of multiple hacking groups who are known to threaten distribution of stolen information via ‘mass media’ channels, including the use of dedicated leak sites, potentially leading to early-on widespread stakeholder awareness of an ongoing cybersecurity attack. It’s important for communicators to understand the need for transparency to their stakeholders in these situations; while also working with IT and legal teams to ensure the appropriate stakeholders are communicated to at the right time.

Here are some things to consider when preparing to respond to a potential cybersecurity attack.

  • Develop a communications response playbook: Ensure that your organization has an up-to-date response playbook that considers the most likely scenarios, including extortion attacks in which hackers use your reputation as leverage.
  • Practice and train:  Scenario exercises to train corporations on their communications response capabilities has grown in popularity at Edelman, where we work directly with our clients to ensure they are well-equipped to respond and mitigate potential reputational risks associated with a wide range of potential issues ahead of time.
  • Establish back up communication channels: For communicators, in addition to releasing the appropriate information at the right time, cybersecurity attacks can at times require communication teams to manage the situation with limited access to IT systems and internal communications functions. Identifying back up communication channels ahead of time can help ensure that a steady cascade of information can continue to flow.
  • Know what your insurance will pay for: Many insurance companies offer a host of protections and policies to ensure that organizations are equipped to manage through unexpected data security and privacy incidents, including external communication support.

 The costs to respond to a cybersecurity attack in Canada are on average $6 million (CAD), according to the Canadian Chamber of Commerce Cyber Security in Canada, however it is not as easy to understand the financial implications of a loss of trust. According to the 2018 Edelman Trust Barometer, ‘safeguarding privacy’ became one of the most important trust-building mandates for businesses globally. With hackers now weaponizing your reputation, the stakes are higher than ever.

A sudden and unexpected cyber incident can have long-term and significant impacts on an organization’s overall well-being. However, a well-managed incident can ultimately strengthen and build trust with key stakeholders through effective and tailored communications. Planning and preparing to mitigate potential cybersecurity risks of all kinds can help lighten the load and provide some assurance that, should an incident arise, your organization will be prepared.

If you would like to learn more about Data Security and Privacy Communications, please contact