EDITOR’S QUESTION
CHRIS MILLER,
REGIONAL DIRECTOR,
RSA SECURITY
To understand the impact that
cybersecurity can have on a
company’s reputation, we need to
take a step back and understand how the
role of cybersecurity has evolved in recent
years as a result of Digital Transformation
and the rising customer expectations that
have fuelled it.
While Digital Transformation has delivered
huge amounts of value to customers,
businesses and their employees, it has also
created new digital risks which transcend
organisational silos.
In short, they are not IT or security risks;
they are business risks. As a result, it is
impossible to manage reputations without
also managing your digital risks; the two are
intrinsically linked.
However, this is not to say that suffering
a data breach will tarnish your reputation
forever. Often, it is not the breach itself,
but the response to the breach that can
determine how the event will impact a
company’s reputation.
This is why the best way to limit reputational
damage is to thoroughly prepare for this
eventuality as part of a wide-reaching and
thorough cybersecurity strategy, which
not only looks to prevent attacks but also
ensures they are managed well when they
do happen.
A key component of this preparation is
setting out a breach response plan so that
if the worst does happen there is a clear
set of procedures to follow. Key things to
consider include:
• Cross-organisational input: CISOs
should devise their response strategy
alongside the chief compliance officer
and the director of investor/public
relations, as this will build a better
picture of the wider ramifications a
breach can have on the business
• Full remediation: Security teams should
ensure they have the right capabilities
to ‘rewind the tape’ to see exactly what
happened in the wake of a breach – i.e.
what data has been impacted, what
systems have been accessed, and so on
– so that they can provide meaningful
and accurate updates to customers as
needed. This could mean access to tools
that provide this level of insight, or the
use of services from external incident
response teams
• Transparent and timely reporting:
If a security incident is reported in
vague terms, six months after it took
place, this can seem as though a
company is withholding information.
Communicating effectively with
customers, partners and shareholders
every time a security incident happens
means trust is maintained and
reputational damage is reduced
Companies are always going to face cyber-attacks, but having a robust approach to
cybersecurity, including a well-thought-through breach response plan, can help
guard reputation by helping them get back
to ‘business as usual’ as soon as possible.
INTELLIGENTCIO