Talking globally means talking locally
Crisis communications have never been a more important part of any strategy.
The introduction of mandatory reporting of data breaches has been discussed at length over the last few months. Many of our Australian IT security clients have been discussing how businesses can both prepare for the legislation, and respond in the event of a notifiable data breach.
What’s surprising, however, is the lack of discussion amongst PR leaders.
Time to step up
This is a unique opportunity for communicators to show leadership and demonstrate the true value of crisis communications.
The damage done by a data breach will be more about the damage to reputation and trust, rather than about fines levied (although they could be up to $1.8 million).
In the US, companies such as Chipotle and Target have seen share prices directly affected by high-profile data breaches. More recently Uber’s high-profile ransomware data breach brought this issue closer to home.
For anyone who might be tempted to play down the risks, know that 90% of a cyber-attack’s impact is felt up to two years later.
The legislation will soon become a reality for many Australian businesses, but there are doubts about preparedness.
Breaches do happen
We should assume that breaches will happen. For most organisations, it takes more than 200 days to even realise they have been breached.
All IT professionals know that you can work towards minimising risk, but never eliminate the chances of a data breach altogether. With cyber-security, businesses need to plan for the worst, and hope for the best. Happily, this is also the basis of any good crisis communications plan.
While data protection and IT security are at the core, any risk-limiting strategy also needs a solid crisis communications plan. When the worst happens we must respond effectively, and quickly, to mitigate the risk.
Communications should lead the way
We need to be prepared for the reality of inevitable data breaches with both a crisis response plan; for example, is the response to ransomware to pay up? And a crisis communications plan.
Clearly there will be overlap. But the PR community should drive and own the crisis communications plan; with the clear objective of limiting the impact of a crisis on the business.
This gives communicators a unique opportunity to sit alongside the C-suite, and develop a strategic plan to protect the organisation’s most vital asset: its brand. Communicators already know how to maintain authenticity and trust with multiple stakeholders and publics, even in times of crisis.
Your organisation will be exposed without a plan that can be adapted and executed at speed. You can expect to learn some hard lessons when the crisis hits.
As an industry, we’ve spent the past few months talking up what IT must do when a breach happens. It’s time for us to practice what we preach.