Skip to main content

Communications in cyber security: Why firewalls can’t protect your reputation

This article was originally published on

Firewalls can’t protect a company’s reputation when it comes to cyber security. Face an attack and the only complete defense strategy is one that combines technology and communications. We talked with Paul El Khoury, Head of Agile Secure Development for SAP, who believes that cyber security is not just an IT-game and why you don’t need individual cyber heroes if the whole company has bought into the right culture.

As soon as a cyber incident happens, stakeholder trust is put at risk. The fear is that the company does not have the issue under control and has not handled the data entrusted to it in a responsible manner. The onus will be on the company to prove that they were good custodians of the data. That is what we call your cyber reputation.

We believe that every crisis can become a test of a company’s values, competence and leadership and its response to it will reflect its culture and capacity to be empathetic.

Leave questions unanswered, send out a poorly crafted response or get tangled up in legal issues and even minor incidents can turn into serious reputational crises. Say nothing, cover up or make false promises and very quickly you can go from being the target of an attack to the reason why it happened. The first priority for the company is to address the operational issues regarding IT security. They need to start communicating almost as quickly. This is not achieved by being too technical. Instead, throughout all phases of the crisis, a company should focus on the people affected and consider their worries, needs and fears.

For enquiries


Ben Richardson

Partner, Head of Asia


Dirk von Manikowsky

Partner, Dusseldorf

United Kingdom

Jenny Davey

Partner, London

United States of America

Jeff McAndrews

Partner, Los Angeles