Every day we are reminded by media headlines that cyber-attacks are a pressing enterprise issue and assaults by organised and novice criminals are becoming increasingly common and diverse in nature.  For senior executives and Boards, the greatest danger of cyber-attacks is damage to the brand and reputation of the company and the catastrophic fallout with customers.

The most valuable asset a company presides over and must protect are its customers.  The loss of customer trust is the single biggest concern of C-suite leaders around the world because trust drives revenue and growth and gives permission to a company to operate.  In fact, according to The Economist Intelligence Unit (EIU) the most important asset a company needs to protect from cyber-attacks is its reputation with customers, by a significant margin.

Reputation is a fragile asset that can take decades to build and can be annihilated overnight impacting several key stakeholders including: customers, suppliers, employees, investors and leadership.  An attack can also invite costly shareholder and customer lawsuits.  As a consequence of such a crisis, sales sag, profits plunge and share prices can sink.

What we do know is that there exists a very active, organised and liquid criminal market for customer information and defending valuable customer data should be a priority that demands resources, and a common sense of purpose and urgency from the company’s leadership.  But leaders need to do much more than acknowledge the size of the threat.  They need to close the gap between the priorities of the C-suite and those security experts trying to raise awareness, protect the company and employ robust safeguards.

Every company, large or small, must plan for an attack because it is crucial to minimise reputational and operational damage early.

Simple practices to manage an attack and preserve brand and reputation include:

  • Let qualified experts do their job and give them the resources they require. Don’t take short cuts.
  • Have a flexible defence system that allows IT teams to immediately identify, mitigate and contain an attack. Support and trust them.
  • Have a crisis management plan in place and test it.
  • Get out early and disclose the full extent of the breach to your customers and shareholders. The first 24 hours are critical.
  • Don’t just talk about the problem, talk about the solution.
  • Conduct a thorough forensic analysis of the breach and put your response and measures in place immediately. Don’t look back.  Look forward.

The trust and confidence of customers and shareholders is an asset at huge risk and the most difficult to recover.  Managing it successfully requires the full attention of an entire business and demands hindsight, insight and foresight in equal measure.