This article was originally published on Finsbury.com
Firewalls can’t protect a company’s reputation when it comes to cyber security. Face an attack and the only complete defense strategy is one that combines technology and communications. We talked with Paul El Khoury, Head of Agile Secure Development for SAP, who believes that cyber security is not just an IT-game and why you don’t need individual cyber heroes if the whole company has bought into the right culture.
As soon as a cyber incident happens, stakeholder trust is put at risk. The fear is that the company does not have the issue under control and has not handled the data entrusted to it in a responsible manner. The onus will be on the company to prove that they were good custodians of the data. That is what we call your cyber reputation.
We believe that every crisis can become a test of a company’s values, competence and leadership and its response to it will reflect its culture and capacity to be empathetic.
Leave questions unanswered, send out a poorly crafted response or get tangled up in legal issues and even minor incidents can turn into serious reputational crises. Say nothing, cover up or make false promises and very quickly you can go from being the target of an attack to the reason why it happened. The first priority for the company is to address the operational issues regarding IT security. They need to start communicating almost as quickly. This is not achieved by being too technical. Instead, throughout all phases of the crisis, a company should focus on the people affected and consider their worries, needs and fears.
For enquiries
Asia
Ben Richardson
Partner, Head of Asia
Germany
Dirk von Manikowsky
Partner, Dusseldorf
dvonmanikowsky@heringschuppener.com
United Kingdom
Jenny Davey
Partner, London
United States of America
Jeff McAndrews
Partner, Los Angeles