In October, CPRS Vancouver hosted an online professional development event about responding to cyber-attacks and building a crisis-ready culture.
Here are some key takeaways for those who missed it.
When COVID-19 forced many organizations to adopt a work-from-home model, cyber crime spiked. It’s only been growing ever since, and all sectors and organizations are at risk.
What are the most common methods cyber criminals use?
Most hackers areout to make a profit by obtaining personal information so they can access banking and credit card information.
Unfortunately, people are unknowingly giving this information away. Unintended human errors – like opening suspicious emails – contribute to 85% of cybersecurity incidents.
Ransomware attacks hold your company’s information, websites, or online services hostage until a ransom is paid. Unfortunately, most companies are finding the easiest way to resume operations is to pay off the cyber criminals.
Spear phishing techniques trick people into transferring money to cyber criminals. They target specific users and, usually, the attackers will perform research before attacking. This can make these techniques harder to spot as attackers have information about the target that makes them appear legitimate.
The hidden and “not so hidden” costs
The financial risk of cyber crimes to companies is obvious – data breaches are very expensive, and those costs are rising. In 2018, the average ransomware payment was around $7,000. In 2020 the average cost of a ransomware attack grew to over $200,000. In 2021, the average cost of a data breach surpassed $4 million for the first time ever.
But cybercrime is not only a massive threat to an organization's finance and operations – it’s a significant threat to its reputation.
This is where communicators come in.
If a breach is detected and customer or client information has been compromised, the key to restoring trust after the fact is to be transparent. Even if there is not much information available–say something. It can be as simple as, “We are aware of the incident and looking into it. We will continue to update our stakeholders as more information becomes available.”
Before an attack occurs, communicators can be prepared by drafting dark site content, media Q&As, and call center scripts. This ensures every touchpoint in the company is sharing the same key messages with external stakeholders.
Make sure to seek guidance from cybersecurity firms, insurance providers, and internal and external legal counsel.
Creating a “crisis-ready culture” needs to start at the top. So how can you gain buy-in from senior leaders?
While your company may be well positioned to respond to a reputational crisis, many are not – simply because leadership may not be aware of the severe and long-lasting financial and reputational impacts of a poorly handled crisis.
Alex Russell and Kylie McMullan shared tips on how to foster crisis communications preparedness within your immediate team – and all the way up to the C-suite.