The optics of a cybersecurity breach

How to address a B2B cybersecurity crisis ethically

As B2B public relations experts, we’ve managed our fair share of crisis situations for our clients. We advise all of our PR partners that it’s not a matter of if, but when, a crisis will occur for your business. This means you have to be prepared by developing a crisis communications plan before a crisis occurs. If not, you could be in for a world of trouble.

No company is safe from a cybersecurity breach


Not all crises are equal, and the ramifications of a cybersecurity breach, especially, can be long-lasting and damaging, as lost customer trust and investor confidence can take months and even years to regain (if they are regained at all). It’s important that, as a business, you’re prepared to deal with a cybersecurity breach ethically, quickly and efficiently.

Many businesses wrongly assume they aren’t the target of a threat actor because they are “too small” or “don’t have anything of value for a hacker,” but that couldn’t be further from the truth. According to The Economist, information is now more valuable than oil, and your average cybercriminal is looking for an easy payday. The owners of companies that think they aren’t worth hacking are often the ones that take fewer precautionary steps to ensure their information is secure.

To pay the ransom, or not to pay the ransom?

Often, when data is obtained through illegal methods, the goal is to ransom that data for payment. This can be done through a variety of methods, with one of the most common being malicious software called ransomware. Ransomware is designed to encrypt data and deny access to it until a ransom is paid. Most cybersecurity professionals will tell you never to pay the ransom, as there isn’t ever a guarantee that you will get your data back or that it won’t be used against you for further extortion. Even so, some companies stubbornly think they can pay the ransom and sweep the whole incident under the rug without the public knowing.

Rideshare darling Uber, for example, allegedly paid $100,000 to hackers and had them sign NDAs after collecting data on 57 million users back in 2016. This type of hush-hush exchange between a company and hackers is the exact type of thing we advise our clients to avoid.

From an optics standpoint, this is a lose-lose situation if true, because not only did Uber allegedly get hacked and not say anything to their customers about it, they worked with the hackers to cover it up! If Uber had admitted to the hack sooner and discussed how they would address the hack and better protect their customer data in the future, they could have saved a lot of face with customers and potential investors.

From an ethical standpoint, the main piece of advice we give all our partners in the event of a crisis is: Tell it all, tell it fast, and tell the truth. If you do this, you have done all you can do to minimize the situation and will avoid the backlash of a cover-up, which can become its own crisis if exposed.

Want to learn more about how to protect your brand in the event of a crisis? Contact Ripley PR today.

Joel Davis, Content Supervisor
