In May we saw what could be the largest global cyber attack observed in history so far. Holding world-wide targets’ data under lockdown, the WannaCrypt (also referred to as “WannaCry”) ransomware affected private businesses with large consumer bases. Others who fell victim to the attack included public institutions and government bodies in possession of critical citizen information.
While the exact number of organisations affected remains uncertain, the discussions WannaCry triggered multiply daily, raising timely questions about trust and cyber security.
The reality is that similar large-scale global attacks, executed by highly sophisticated cyber crime groups, are likely to now occur more frequently with potentially a much bigger scope. One theory suggests that showcasing their ability to create chaos was one of the key motivations for the hackers behind WannaCry. However, under different circumstances they might have had an entirely different agenda.
Acquiring personally identifiable information (PII) such as name, address, contact and financial details is often the ultimate “prize” for cyber criminals, when it comes to targeting organisations that collect and store this type of data. Last year we saw 15 mega breaches that exposed 1.1 billion identities, according to Symantec’s (client) Internet Security Threats Report 2017. The number of identities exposed increased by over 500m in just 12 months.
With the EU General Data Protection Regulation (GDPR) coming into action on the 25th of May 2018 (one year from now), businesses need to quickly take action to ensure they are building and implementing a cyber security strategy that will not only guarantee compliance but also help them create and retain customer trust.
Research shows that entrusting an organisation to keep their data safe and secure is of highest importance for consumers, choosing what organisations they shop with or use. With that in mind, having a communications strategy to tackle data breaches or cyber attacks is just as important as having the right tools in place to protect from cyber threats.
As part of their cyber threat crisis communications plans, organisations should be mindful of the “trust in crisis” phenomenon, revealed by the annual Edelman Trust Barometer earlier this year. This means that several key considerations should be made, with customers being positioned at the very top of the organisational stakeholder list:
- Evaluate who’s the best spokesperson to address your stakeholders; CEOs were rated among those least trusted
- Identify and choose an outspoken spokesperson who customers can identify with but do not disregard the opportunity to partner with technical or academic experts, which could give you more credibility
- Evaluate what are the right communication channels to reach your stakeholders. Media in 2016 was just as distrusted as the government
- Take advantage and do not disregard the impact search engines can have on getting your message across – 59% of Britons are more likely to believe information obtained via search engines rather than editorial content
- Leaked information is much more trusted than official company statements so ensure your messaging does not expose you to further reputational damage
Taking these simple steps towards data security compliance and crisis-preparedness, you will be one step ahead of hackers, who give no notice when they decide they want to obtain your data and most likely have the tools to do so.