Don’t Ignore Cyber Risk in Your Comprehensive Crisis Planning

The massive growth in businesses shifting functions, products and processes online means cyber risk is growing too. Hopefully you and your clients already have top-notch crisis plans in place—but do you have a specific plan to address a cyber attack? If not, the time to tackle that is now. Don't wait to strategize until you face a hacking or breach scenario that could potentially destroy you or your client's brand.

Picture yourself trying to decipher, assess, and navigate the cyber risk catastrophe that just landed in your lap(top!).  You immediately start mobilizing on how you can minimize the potential correspondence chaos, alleviate pressure from all directions, and resolve the situation swiftly. But you are at a significant disadvantage. Like with any other kind of crisis, you need to have a concrete approach to mitigation and resolution in place. Especially when it comes to cyber risk crisis, as the stakes can be extremely high. Infiltration can lead quickly to devastation.

Gina Richmond, SVP at Abel Communications in Baltimore, speaks from firsthand experience and emphasizes that the plan is everything. “We take the time early on in the relationship to sit down with our clients and evaluate their needs for any type of crisis communications, and including those that might compromise their customers in the cyber world.  We warn that it is best to have a comprehensive plan even though they have yet to ever encounter any type of cyber disruption thus far. Plans we have created typically span 20-40 pages of a highly detailed course of action,” said Richmond.

She also recommends planning for the worst, while hoping for the best.  “If the plan never gets used, great, but being prepared will protect the brand, shield your stakeholders, and ultimately allow the focus to lie on the message and not the method,” added Richmond. Be sure to start from the bottom up and inform all phone agents or those on the front lines so that communication is consistent and calming vs chaotic and confusing.  There’s no hiding from a cyber breach.  Be as transparent as possible.

Because of the persistent threat of cyber attack, there has also been a trend of agencies and brands hiring outside vendors to conduct risk assessments and constantly monitor for threats.

Richmond notes that all plans should be treated as confidential information. Announcing your air-tight cyber structure could be an open invitation for cyber criminals to pounce. “Be careful not to overcommunicate about your cyber success," she says. " That’s like a subliminal advertisement to be hacked.”

The lesson here is not to put your head in the sand when it comes to cyber risk and hacking. Think ahead with your client to develop a “what if” strategy with potential cyber breach disasters built in, so if it happens, you'll be prepared and it can be tackled efficiently and almost if it were just a drill.