It’s easy to think about a cybersecurity breach as something that threatens other companies, particularly large companies. That’s a dangerous — and potentially costly — mindset.
According to Coveware, a ransomware recovery specialist, 25% of ransomware attacks in 2023 were against companies with fewer than 100 employees and cost an average of $740,000.
And today’s cybercriminals have a level of sophistication far beyond the image of a hacker with a penchant for mischief.
A recent article in Slate says “ransomware operators are behaving more like the major enterprises they’re robbing.” Ransomware operators used to search the internet for victims whose proprietary data they could steal or lock up with encryption, then extort the victim into paying a ransom to get it back. Today, cybercriminals offer quick and reliable customer service to ease the victims’ pain while demanding top dollar to solve the crisis the cybercriminals themselves created.
Many of today’s cybercriminals “operate like Fortune 500 companies, with deep investments in research and development and in marketing their products and services,” according to an expert quoted in Slate. Many don’t even bother encrypting the data; doing so is difficult and expensive. Instead, they apply their resources to leveraging the threat of releasing and thus destroying the value of that data.
Ransomware is only one of the many ways cybercriminals can harm or destroy an enterprise. Cyber-burglary tools include AI-powered attacks and assaults on a company’s supply chain partners. Unscrupulous insiders with knowledge and access can also threaten small businesses.
There’s a parallel danger to the technical invasion. All businesses depend on trust from their employees, customers, and supply chain partners. Because a lot of critical information is confidential, the threat of its exposure through a cybersecurity breach can destroy that trust, further eroding the enterprise.
The attack is just the beginning. How your customers, employees, and vendors see you respond is as important as how quickly the breach itself can be repaired. Too many companies fail to see the value of a Crisis Communications Team to tell internal and external constituents what happened, how they are affected, and what you’re doing to fix the problem for everyone.
Here are five steps that will help smart CEOs initiate a Crisis Communications Plan before a breach:
1. Recruit a team to manage cybersecurity threats. The team should include some key operating executives along with company experts skilled at assessing the technical vulnerabilities in the system. Cybercriminals are successful because they can find and leverage a system’s weaknesses. Smart companies identify and eliminate the vulnerabilities, often with the help of outsiders.
   The team also needs experienced communicators who can manage the complexities of internal and external communications with the company’s key audiences, especially employees, customers, and vendors.
2. Draft worst-case scenarios. Imagine how you would describe several plausible cybersecurity breaches at your company. What would cause the most damage? This merges the study of vulnerabilities with realistic appraisals of potential damages.
3. Draft statements and talking points. These are statements that simulate your announcing and explaining the hypothetical breaches cited in your collection of scenarios. This is more than an abstract exercise. It is important practice in how you would efficiently and quickly explain complex situations to audiences of varying expertise. By building the case for your ability to handle this problem, you’ll be well prepared when it’s no longer an exercise.
   These statements articulate the facts of the case and convey your determination to solve the problem that others have created. This exercise will demonstrate how well the team will function under the pressure of an actual breach.
4. Do research in advance. You need to make lists of important contacts:
   - Members of the media who cover your industry and business
   - All departmental supervisors and assistant supervisors
   - The company’s most important clients
   - Key contacts at your third-party vendors and supply chain partners
5. Gather key documents. These include internal documents about your software and hardware providers, the contracts you’ve signed with them, and any insurance policies covering the equipment.
These five steps will go a long way toward preparing for the inevitable before it happens.
Ready to get started on your crisis communications plan? CMC can help you enter 2024 with the right plan in place. Email Cindy Miller at Cindy@CindyMillerCommunications.com.