Sarah Woodhouse, Director of AMBITIOUS, explains how businesses must communicate a cyber breach in order to remain trustworthy and minimise damage.
A cyber breach occurs roughly once every 39 seconds.
With businesses as targets for their data, it’s not a case of if but when an attack will happen, and brands have historically struggled with the need to communicate during these kinds of crises.
Take Uber as an example, which was hit by a cyber breach in 2016 and kept quiet from customers for over a year. Accusing them of trying to cover up, customers and regulators lost trust in the brand over the incident.
With cyber breaches hitting big brands and critical infrastructure sectors such as governments, hospitals, energy and water, incidents can be extremely high-profile.
However, it’s not only large organisations that are the target; attacks remain a common threat for businesses of all sizes. In the Government’s Cyber Security Breaches Survey 2023, 59% of medium-sized businesses said that they were the victim of a breach or attack.
The survey noted that smaller companies reported fewer attacks but reflected that this could be due to less prioritisation and reporting rather than being targeted less. In fact, for B2B businesses, the threat increases with the proliferation of supply chain attacks, which see cyber attackers target third-party tools and providers, compromising numerous systems within a supply chain.
B2B businesses have a duty to go public to reassure their audiences by allaying concerns and protecting the image of the company.
If you don’t go public with it, there is a chance your ‘attackers’ will. In late 2023, the ransomware gang BlackCat filed a complaint with the US financial regulator, the Securities and Exchange Commission (SEC), against one of its victims for failing to report a cyber breach.
Awareness and understanding that cyber-attacks happen is high; therefore, organisations should focus on managing and preserving their reputations after an attack has occurred.