Understanding risk and protecting corporate reputation in the age of the ‘hacker pack’

Friday, 13 May 2016, 10:27 | Category : General

Last night we co-hosted an event for the PRCA’s Independent Consultants Group that we chair, held at the fantastic offices of Allison & Partners in Kings Cross. The theme was “Cyber Security: Understanding Risks and safeguarding Reputation”, and we were lucky to have guest speakers from security firm Cipros International and law firm Schillings to talk our attendees through the cyber security minefield. With a 144% increase in successful cyber attacks from 2014 – 2015, and high-profile recent cases such as Ashley Madison and the Panama Papers, this is something that every PR consultant needs to prepare for.


Indeed, according to Dave Moodie of Cipros, data breaches are frighteningly commonplace. Some 90% of large and 74% of small organisations have suffered a targeted information breach. These are only the ones who know they have been targeted. There is no doubt, then, that this is a business-critical issue that affects all organisations – public or private sector, large or small. And it’s only going to get worse.


With that in mind Dave urged all PR consultants to emphasise the need for their clients (and colleagues) to understand the issue right the way across the organisation. He also pointed out that very few breaches are particularly sophisticated. In fact the overwhelming majority are caused by internal human error or facilitation.

Looking at the issue from the legal perspective, Magnus Boyd from Schillings pointed out that the new General Data Protection Regulation legislation coming into effect in two years’ time will force all organisations to put in place certain measures to ensure that customer data is as safe as possible (although only by degrees; it seems to be accepted that where a hacker has a will, s/he will find a way). Failure to comply with the legislation will incur a fine of $20m, or 4% of turnover, whichever is the greater. Governments are taking this seriously too.

Magnus also took us through the potential impact of a data breach on corporate reputation, which can range from loss of trust through to a share price crash, depending on the severity of the issue and also how it is dealt with. Given that hackers are now so sophisticated that they even time their ‘data dumps’ with the rhythm of the international news cycle, it’s imperative to act fast and with authority. 2016 has seen several recent major data breach examples such as Target and Talk Talk; both these situations were mismanaged in terms of management’s communication with the public, with business leaders making ill-judged statements not based on facts.

Whilst both speakers were able to point to numerous companies that had endured comms failures during cyber attacks, neither could point to any companies that had handled an attack with particular aplomb.

And whilst there is no template formula, what was clear is that most comms mistakes appear to have been made in the first 24 hours as companies scramble to make sense of the situation. Advice here was to be as quick and open as possible to acknowledge the situation, use appropriate conciliatory language and publicly commit to taking full responsibility for restoring the status quo.


With hackers now working in ‘packs’, with the intention of selling on customer data in high volumes, this is an issue that the corporate world and public sector will be fighting for the rest of the decade and beyond. From a reputation point of view, it is advisable to be as honest and open as possible to deflect criticism and allow stakeholders to keep the faith. Keep “Talk Talking”, and never say ‘no comment’.

– Nicky

