The digital age has brought an entirely new set of challenges in developing a crisis management plan. Historically, a crisis management plan was needed in the event of a natural disaster, rumors or organizational misdeeds. However, with the increasing reliance on the Internet and emergence of the Cloud, companies are finding the need to prepare themselves for a new type of threat: cyber attacks.
THE CYBER CRISIS
Businesses rely heavily on computer systems and technology in order to store, organize and transfer their data. The hyperconnectivity on which data is transferred is making it easier for this data to be accessible to almost anyone. In response, more companies are investing in cyber security. Cyber security is simply the protection over computer data and other private information from unauthorized access. Cyber security is critical in preventing private information and data from being stolen.
Cyber attacks happen every day. In less than a year, several of the worlds most trusted brands have become victims of a data breach. According to a recent report by Symantec, cyber attacks against large brands surged by 40 percent in 2014. These brands include Target, Home Depot, JP Morgan Chase, Neiman Marcus, Staples, Healthcare.gov, and the list continues to grow.
Cyber attacks are leaving brands and reputations exposed. With the emergence of cloud technology and digital transfers, company crisis management plans now need to address the threat and list procedures for surviving a cyber security incident or data breach.
Too many companies make the mistake of waiting until a crisis occurs to plan a reaction; a crisis management plan is designed to identify potential threats, assess the likely impact to business, and define the appropriate response or control measures. The plan needs to
- Predict anything that could potentially impact business;
- Define preventative measures to minimize risk;
- Describe a course of action in case the prevention doesn’t work
- Determine what position to take on the issue; and
- Detail actions to take when a crisis hits.
It is vital that employees are kept up to date with any policy changes or software updates. Training employees on Internet safety and informing them of any dangers or threats is also an important piece of an effective crisis communication plan. Also, a crisis communication plan needs to identify key stakeholders and the proper way to address each of them in a quick and responsible way in the event of a crisis.
CRISIS SCENARIO PLANNING
A recent survey by Kaspersky Lab and B2B International reveals 94 percent of companies are dealing with cyber security issues. Target recently experienced the theft of more than 40 million debit and credit card records. According to Newsweek, the attack ultimately cost Senior Technology Officer Beth Jacob, and CEO and Chairman of the Board Greg Steinhafel their jobs.
Newsweek also reported the attack cost Target $148 million. This does not include profits lost due to a fall in customer confidence, resulting from the experience.
Target’s initial response to the massive data breach was mismanaged, causing significant reputation damage. The company has rebounded, but the damage could have been mitigated if Target had a pre-determined crisis communication plan in place that detailed how to successfully communicate to the press, customers, government and key stakeholders.
Bernstein Crisis Management states that significant damage can be done to a company’s reputation and credibility if they are not effectively prepared in what is communicated to the public and/or key stakeholders.
In this case, Target initially underestimated the gravity of the situation, apologizing for the inconvenience of the massive attack and completing dismissing customers’ dismay. Press releases were soon replaced with language that addressed customers’ stress, but it would have been less damaging if Target prepared for such scenarios and analyzed pre-drafted messages.
Although we will never be able to completely prevent cyber attacks and security breaches from happening, we can take steps to mitigate the effects of data breaches and other cyber threats by having a crisis management plan.