50% of PR Agencies Polled Say They Don’t Have a Cybersecurity Plan; 41% Aren’t Budgeting for It

One of the big data security stories last week was the $17 million sum insurer AETNA will pay to some customers as a result of compromising their personal data. Ironically with all the hype surrounding cyberattacks that result in compromised data, the AETNA case was an analog issue: The company mailed letters to policyholders with large, clear display windows that revealed they were prescribed HIV medications.

While privacy policy is a key issue, data breaches via cyberattacks are critical, too, of course. That’s why Rick Gould, managing partner, Gould + Partners, commissioned a quick poll of his clients on the topic. It is being shared exclusively with PR News.

“In light of the recent and ongoing cyberattacks on some of the world’s biggest brands, including Equifax and Deloitte, we were curious about the degree to which PR firms and agencies are investing in cybersecurity,” he told us in an interview. The 22 responding PR firms ranged from $2 million to $90 million in net revenue. The survey did not query respondents about the composition and breadth of their cyber plans, only whether or not they had one.

Glass Half Full

Rick Gould Managing Partner Rick Gould Managing Partner Gould + Partners
Rick Gould
Managing Partner
Rick Gould
Managing Partner
Gould + Partners

As you can see from the chart, it’s close to a glass half-full/half- empty proposition, with 50% of respondents saying they have a cyber plan in place. For Gould, though, 50% is disappointing. “When you consider the repercussions of a cyber attack, we still see this number as too low,” he says. It’s important to remember a cyber plan will not prevent a cyberattack or data breach, but it should seriously mitigate the damage.

We turn to Gould’s specialty, mergers & acquisitions, and ask if the lack of a cyber plan is a detriment when it comes to valuing firms for acquisition. “Absolutely. The firm definitely will not be as appealing to business prospects if they see a void in cybersecurity.” Buyers will want assurances that cybersecurity is top of mind for the selling firm, he adds. “These days buyers want to acquire bottom-line value. Having a cyber plan in place demonstrates to buyers that the owners of the firm put a premium on protecting their asset from bad actors online.”



Cyber Plan Will Be Like Health Insurance

Not too far into the future Gould believes any legitimate buyer of PR firms will expect the selling firm to have a solid cyber plan in place—and one that evolves along with the Internet, social and mobile platforms. “If you follow technological growth online to a logical conclusion, it’s only a matter of time until purchasing a cyber plan will be akin to purchasing property insurance for the firm’s offices or, depending on the size of the firm, health insurance for all its employees… Increasingly, the overall integrity of the firm will depend on having a cyber plan in place.”

Cost is the Issue

The biggest hurdle, Gould says, usually is cost. “PR firm owners understand intellectually the need for cybersecurity, of course, but often have a difficult time creating the budget to fund a plan. Putting off spending for cybersecurity soon will be unsustainable, however.”

CONTACT: [email protected]