Insurance professionals should be concerned about the growingphenomenon of cyber-security breaches and the impact on thebusinesses they represent as well as the impact on their owndata.

Cyber security is an escalating concern facing companiesthroughout the world due to increased network failures, breaches insecurity and outside attacks. Regardless of the cause, businessesthat maintain databases housing private customer information mustreview risk strategies to mitigate breaches and prepare for thevery real possibility that a breach ultimately will occur.

Preparations should include three distinct areas: improvedtechnology security, financial protection and mitigation andrebuilding trust through effective communications.

Improved technology security

In a January 2016 survey conducted by VansonBourne, anindependent technology market research provider that surveyed 500CIO respondents from the U.S., the UK, France and Germany, cybersecurity investments for 2016 exceeded $83 million. Still, nearly87 percent of CIOs believe their cyber security attempts arefailing to protect business interests. What is the cause? Today'stechnology has increasing dependence on the use of mobile devicesand storage solutions such as cloud-based software, with securitymeasures based on keys and certificates. Through these keys andcertificates, hackers gain access.

Related: 10 ways small businesses can fight cybercrime

Financial protection

Although there are a variety of technical solutions businessescan employ to protect against a cyber threat, there are still otherrisk strategies that should be considered should a breach occur.Businesses throughout the world are mitigating financial lossthrough cyber insurance. Each policy differs in scope and coverage;however, generally first-party liabilities cover costs associatedwith the actual breach (forensic investigation, profit/loss andlegal advice). Third-party liabilities commonly cover damagescaused by the breach (legal defense, public relations initiativesand regulatory response). Even though public relations services maybe covered in various formats based on the protection plan after abreach has occurred, it's never too early for businesses toproactively formulate communications strategies in preparation of abreach.

Rebuilding trust

With improved security measures and mitigated financial impactcomes the need for reputation management and the ability to rebuildtrust damaged through a breach. Preparing communication plans andmessaging in advance, whether through internal means or inpartnership with a firm will position organizations to effectivelyweather the storm while minimizing overall damage to the brand.

To begin your crisis communications planning, begin with thesefour tips:

1. Bring the teamtogether

Begin your communications plan through the identification of acrisis team. Identify who should be at the table when a breachoccurs. The crisis team should include executive representationfrom the CEO's office, legal, information technology, humanresources, finance, operations and communications. Bringing thesedecision-makers together before, during and after the crisis willcreate a cohesive approach to the crisis along with consistentmessaging for both internal and external stakeholders. Considerincluding your risk manager and insurance agent or broker.

2. Brainstorm

Every quality crisis communications plan is organized,comprehensive and specific to your organization. While planning,think through and identify the specific crisis your organizationcould face. If you're in healthcare, consider the various HIPPAscenarios that you could experience. If you're in the legal field,how could client privilege be compromised? As the team worksthrough their potential concerns, they establish the protocolsnecessary to mitigate the process.

3. Assign tasks

Every staff member has a role to play in an emergency, whetherit's an active role in the ongoing crisis or in supporting thepost-crisis efforts. Determine the tasks that you'll be required todo regardless of the challenges you face. Business operations(payroll, for instance) must continue with as little disruption aspossible. Also, employees play a significant role in yourcommunications, whether you want them to or not. Keeping themengaged and informed is a positive step toward a consistentmessage. Be sure to clearly identify who will do what prior to acrisis and ensure that employees know their roles and how toexecute these responsibilities well in advance of an emergency.

4. Plan your communications

This includes not only what you'll say, but also developingstakeholder lists and the message types they should receive, theirpriority in receipt of messaging and how to respond to inquiries.As an example, your board of directors may receive more detailedinformation about the crisis than your general employees. Clearlyestablishing message protocols ensures that each stakeholder levelreceives the right information regarding the crisis.

Communications during and after a crisis can be overwhelming,especially with the advent of social media and a 24/7 news cyclethat competitively feeds on the need for new and updatedinformation. But organizations can manage their communicationsthrough detailed and careful planning, pro-active communicationsduring an actual crisis and quickly rebuilding brand equity throughpositive public relations before, during and after the event.

Post-event evaluation

Whether your crisis is short or has long-term impact, apost-event evaluation of the overall crisis that includes a reviewof corrective actions and your formal and informal communicationsthroughout the incident is a must in quality improvement. Thecrisis team should take an unbiased look at every step, includingthose that led to the crisis and an honest identification of whatwas done well and what could be improved.

Planning is essential to crisis management. To mitigate damage,specifically from a cyber breach, companies should prepare for acrisis now. Begin with an evaluation of your technology securityplan and protocols. For some companies, hiring hackers to attempt abreach has been considered beneficial to understanding weaknessesin the system. For others, implementing stricter security softwarekeys and certifications is their best course of action.

Understanding that a breach is likely to happen, safeguardingagainst financial loss is also a positive step more and morebusinesses are implementing. And, a proactive approach to designingcommunication strategies will reduce lost customer trust andprotect brand reputation. Regardless of what level you decide isacceptable, determine today to review your security, protection andcrisis communications processes long before the need arises.

Michelle Irwin is a vice president for Poston Communicationsand brings more than 15 years of executive, inside experiencemanaging crisis communications in the public sector. Contact her at[email protected] or404-875-3400.

Related: 6 categories of questions you'll be asked whenapplying for cyber coverage

Save

Save

Save

Save

Save

Save