Mar 25, 2014 // Dan Yelin
The rise of cyber-attacks on companies has been on the rise over the past couple of years. Initially, the attacks were more prevalent with tech-centric companies like Evernote, Facebook, Twitter, LinkedIn, but as more traditional companies (e.g. Target) have moved to the internet to provide their customers with additional market reach, they’ve also been targeted by cyber-attacks, often leading to disastrous outcomes for either the company, their customers or both.
In a report by The Economist regarding cyber incident response, companies are not trying to avoid breaches at all costs, but are considering them inevitable and looking towards mitigation plans. In fact, the results of the surveyed companies and C-level executives were focused on PR and preparedness:
1) 2/3rds of C-level executives think that effective responses to such incidents can improve their corporate reputations
**2) 60% of companies surveyed now have formal response strategies** in place for a cyber-attack
3) and unsurprisingly, 73% companies felt “somewhat prepared“ where as 17% felt “fully prepared” to address a cyber-attack
Additionally, the report reveals that 57% of companies who are victim to a cyber-attack or breach do not voluntarily report them. Even beyond the lack of voluntary announcement of a breach, hacker’s aren’t the sole source. Other common causes include:
1) major systems outages (29% of companies experienced them)
2) unintentional loss of sensitive data by an employee (27%)
Beyond the numbers and statistics of the source of cyber-attacks and the actual preparedness of a company, the pertinent issue that always makes things worse is bad presentation of this information or lack of detail/specifics. The report notes:
“For now, arrangements with a public relations agency or crisis management firm are less common, underlining the defensive focus of current planning.”
As cyber-attacks on companies rise, the demand for a company to clearly articulate the details of the breach, impact, and remediation plans is a critical part of conveying a clear resolution plan to the public, an opportunity for the company to improve their image.
At the end of the day, it has become increasingly difficult (and expensive) to avoid all types cyber-attacks, but having a clear plan, both internally and externally, is becoming status quo.
