“It’s like watching a slow-motion governance train wreck.” Peter Coroneos, co-author
According to the authors of the just published Cyber Breach Communication Playbook, 14 recent major cyber breaches affecting Australian and international organisations just managed to avoid a fail average in the way they handled post breach communication.
They found that consequences of the mishandling ranged from senior executive resignations, parliamentary inquiries, loss of customers, significant share price, revenue and business valuation reductions, litigation, damages and compensation orders and general lingering brand damage from a distrustful public.
“Systemic failures are adding to fears that information is not longer safe even in the hands of major brands or government databases”, said Peter Coroneos, cyber industry leader and book co-author. “It borders on inexcusable that organisations should run for cover after a breach. Even if you’re not the direct cause, finger pointing and blame shifting are not winning strategies.”
“Our sense is that a culture of denial still persists, particularly where a major breach hasn’t yet occurred. Every new poorly-handled breach inflames end user demands for greater accountability and more laws. But we shouldn’t have to have to wait for laws to dictate our trust processes. Businesses who rely on the internet have a collective interest in moving to best practice. Trust is fragile and ephemeral — it shouldn’t be taken for granted,” Coroneos said.
Of the 14 cases assessed, the score spread was as follows
C (1 case) C – (3 cases) D (3 cases) D – (3 cases) F (4 cases)
7% 21% 21% 21% 28%
Playbook co-author and brand management expert, Michael Parker. “It was our rising sense of dismay in seeing how badly large and well resourced companies were handling their stakeholder communication that prompted us to write the book. Our message to organisations is this: Move to a more transparent and honest posture. Cyber breaches are a fact of life, the quicker we can move entities to a state of readiness, the better they’ll survive the court of popular opinion.”
Parker concluded: “Most of the cases involved easily preventable breaches. Along with technology and training, you need a parallel investment in communication readiness. Our cases show it might save executive careers.”