How to minimise the risk of reputational damage due to a data breach

There’s no question the level of trust and confidence customers have in a brand directly impacts profitability. The reputation of a business is essential to survival.

Your brand, or brands owned by other business partners, can suffer the consequences of reputational damage resulting from a data breach in your organisation.

Reputational damage after a breach can have a range of impacts, from a loss of business and reduced share price, to increased regulatory costs and negative impacts on the personal branding of senior executives.

Equifax, a company with global business, reported a major cyber security incident in 2017. The incident affected 143 million Americans.

As Equifax are a credit bureau, they collect and hold highly sensitive data. The breach is thought to have revealed the names, Social Security numbers, birth dates and addresses of almost half the US population.

CEO Richard F. Smith apologised to customers and said, “This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do.”

At the time of writing, it looks like Equifax may be required to pay compensation to consumers. The share price dropped 33% in 14 days after the breach. Equifax also faces state and federal enquiries and class action lawsuits. In addition, the CEO and CSO were forced to step down.

The incident is an example of reputational damage so serious it would make most senior executives uncomfortable.

From February 22, under the Notifiable Data Breaches scheme, eligible Australian businesses will be obligated to report breaches involving personal data, or risk serious fines. We can expect to see a lot more media coverage of breaches occurring in Australia in the future. In addition to being reported on traditional news channels, word of this type of incident can spread far and wide across social media in minutes.

It’s worth noting that the OAIC will be investigating not just what the breach was, but also the way in which the business responded.

Unfortunately, there is no certain way to predict if and when a data breach may occur, but there are steps you can take to get ahead of the curve.

You can minimise your risk through a proactive approach to information security documents, starting with having your framework, policies and procedures carefully planned and implemented. There’s no point having an out-of-date 45-page Incident Management Procedure causing further confusion when you’ve been hacked. Your leadership team and workforce need to be competent and confident to handle a crisis in real time.

When you’re able to minimise the fallout of a data breach, you’re already on the front foot in restoring credibility, trust and confidence in your brand. In the event of a cyber security incident, decisions need to be made quickly and calmly by the right people at the right level. Having a precise, clearly defined procedure in place is critical.

Business leaders and IT Managers need to ask themselves the following:

  • Is our IT security documentation up to date?
  • Is there an effective Incident Management Procedure in place?
  • Have all of our relevant security documents been implemented thoroughly, i.e. has there been an awareness campaign and ongoing promotion?
  • Who is making the decisions in the event of a breach and do those individuals know their responsibilities?

All good business is based on an element of trust, and a loss of faith can be so serious that many organisations would not be viable if it occurred. It’s impossible to completely avoid all information security risks, but it is possible to manage the risk. Take action today.

For a confidential discussion regarding your IT security policies, procedures and other documents, please contact us at www.roisolutions.com.au or on 0414 702 163.