Insurance professionals should be concerned about the growing phenomenon of cyber-security breaches and the impact on the businesses they represent as well as the impact on their own data.
Cyber security is an escalating concern facing companies throughout the world due to increased network failures, breaches in security and outside attacks. Regardless of the cause, businesses that maintain databases housing private customer information must review risk strategies to mitigate breaches and prepare for the very real possibility that a breach ultimately will occur.
Preparations should include three distinct areas: improved technology security, financial protection and mitigation and rebuilding trust through effective communications.
Improved technology security
In a January 2016 survey conducted by VansonBourne, an independent technology market research provider that surveyed 500 CIO respondents from the U.S., the UK, France and Germany, cyber security investments for 2016 exceeded $83 million. Still, nearly 87 percent of CIOs believe their cyber security attempts are failing to protect business interests. What is the cause? Today’s technology has increasing dependence on the use of mobile devices and storage solutions such as cloud-based software, with security measures based on keys and certificates. Through these keys and certificates, hackers gain access.
Although there are a variety of technical solutions businesses can employ to protect against a cyber threat, there are still other risk strategies that should be considered should a breach occur. Businesses throughout the world are mitigating financial loss through cyber insurance. Each policy differs in scope and coverage; however, generally first-party liabilities cover costs associated with the actual breach (forensic investigation, profit/loss and legal advice). Third-party liabilities commonly cover damages caused by the breach (legal defense, public relations initiatives and regulatory response). Even though public relations services may be covered in various formats based on the protection plan after a breach has occurred, it’s never too early for businesses to proactively formulate communications strategies in preparation of a breach.
With improved security measures and mitigated financial impact comes the need for reputation management and the ability to rebuild trust damaged through a breach. Preparing communication plans and messaging in advance, whether through internal means or in partnership with a firm will position organizations to effectively weather the storm while minimizing overall damage to the brand.
To begin your crisis communications planning, begin with these four tips:
1. Bring the team together
Begin your communications plan through the identification of a crisis team. Identify who should be at the table when a breach occurs. The crisis team should include executive representation from the CEO’s office, legal, information technology, human resources, finance, operations and communications. Bringing these decision-makers together before, during and after the crisis will create a cohesive approach to the crisis along with consistent messaging for both internal and external stakeholders. Consider including your risk manager and insurance agent or broker.
Every quality crisis communications plan is organized, comprehensive and specific to your organization. While planning, think through and identify the specific crisis your organization could face. If you’re in healthcare, consider the various HIPPA scenarios that you could experience. If you’re in the legal field, how could client privilege be compromised? As the team works through their potential concerns, they establish the protocols necessary to mitigate the process.
3. Assign tasks
Every staff member has a role to play in an emergency, whether it’s an active role in the ongoing crisis or in supporting the post-crisis efforts. Determine the tasks that you’ll be required to do regardless of the challenges you face. Business operations (payroll, for instance) must continue with as little disruption as possible. Also, employees play a significant role in your communications, whether you want them to or not. Keeping them engaged and informed is a positive step toward a consistent message. Be sure to clearly identify who will do what prior to a crisis and ensure that employees know their roles and how to execute these responsibilities well in advance of an emergency.
4. Plan your communications
This includes not only what you’ll say, but also developing stakeholder lists and the message types they should receive, their priority in receipt of messaging and how to respond to inquiries. As an example, your board of directors may receive more detailed information about the crisis than your general employees. Clearly establishing message protocols ensures that each stakeholder level receives the right information regarding the crisis.
Communications during and after a crisis can be overwhelming, especially with the advent of social media and a 24/7 news cycle that competitively feeds on the need for new and updated information. But organizations can manage their communications through detailed and careful planning, pro-active communications during an actual crisis and quickly rebuilding brand equity through positive public relations before, during and after the event.
Whether your crisis is short or has long-term impact, a post-event evaluation of the overall crisis that includes a review of corrective actions and your formal and informal communications throughout the incident is a must in quality improvement. The crisis team should take an unbiased look at every step, including those that led to the crisis and an honest identification of what was done well and what could be improved.
Planning is essential to crisis management. To mitigate damage, specifically from a cyber breach, companies should prepare for a crisis now. Begin with an evaluation of your technology security plan and protocols. For some companies, hiring hackers to attempt a breach has been considered beneficial to understanding weaknesses in the system. For others, implementing stricter security software keys and certifications is their best course of action.
Understanding that a breach is likely to happen, safeguarding against financial loss is also a positive step more and more businesses are implementing. And, a proactive approach to designing communication strategies will reduce lost customer trust and protect brand reputation. Regardless of what level you decide is acceptable, determine today to review your security, protection and crisis communications processes long before the need arises.
Michelle Irwin is a vice president for Poston Communications and brings more than 15 years of executive, inside experience managing crisis communications in the public sector. Contact her at firstname.lastname@example.org or 404-875-3400.