Statista reports that between 2023 and 2028, the global estimated cost of cybercrime is forecasted to increase by $5.7 trillion. By 2028, the cost of cybercrime worldwide is estimated to more than double to $13.82 trillion. At the same time, IT departments and their corporate communications counterparts, particularly in large organizations, seem to be less prepared than ever to combat cyber attacks.
Hahn has integrated cybersecurity into our rapid response planning and consulting through our partnership with Silent Quadrant, a digital protection agency. Our firms are experts in cybersecurity and crisis communication, and compared to our in-house counterparts, we are substantially more in sync in prioritizing cyber rapid response planning. As a predictive marketing communications firm in charge of sales data for major clients, we know it’s our duty to protect and secure sensitive and confidential information. We invested in and completed a series of security and compliance certifications and now stand ready to finish Service Organization Control Type 2 (SOC 2) certification. Our clients appreciate this level of commitment, leading to increased trust.
With the increasing unpredictability and sophistication of cyber threats, we wondered why corporate organizations weren’t feeling the same sense of urgency as us to align on a plan. As consultants should do, we asked. Hahn and Silent Quadrant interviewed senior-level communication executives and IT professionals from across the U.S. and took several important findings away from the conversations.
Current Level of Cyber Attack Preparedness is Low with Unclear Implementation
When asked about having a rapid response plan, a majority of IT respondents mentioned they had a plan in place and some even did tabletop exercises to test it. When asked about how they would communicate to internal stakeholders about this plan, most were unsure and said it was not their responsibility.
On the other hand, the majority of communications executives admitted they had never seen a cybersecurity rapid response plan, or if they did, it was confusing. They also agreed external communications is a part of their job, but most didn’t think they would need specific preparation until a crisis occurred.
Cybersecurity is Ranked Lower Overall in Priority but Has Higher Negative Impacts
All participants mentioned their companies prioritized other goals over cybersecurity. Below was the ranking breakdown, with No.1 being the highest priority:
- Client satisfaction
- Business growth
- Employee and stakeholder satisfaction
- Operational efficiency
- Brand reputation
- Environmental sustainability
However, most participants agreed cybersecurity should be a higher priority because of its potential to affect core business operations.
Most Cyber Attacks are Handled Internally Until External Resources are Needed
Most participants expect to handle a cyber attack and crisis communications internally. If they choose to hire an external vendor, IT would consider their expertise and certifications, while communications focused on confidentiality. Both groups agreed they would evaluate the external vendor’s recommendations, reputation and any ready-to-use playbook with examples of specific crisis work. Smaller companies who may not already have an in-house IT or communications professional are more likely to hire an external vendor to quickly assist.
Solution | Bridge the Cybersecurity Gap with Three Steps
It’s often unclear what steps a company can take to persuade leadership on the importance of cybersecurity and effectively build and communicate a plan. Following the survey, three key solutions emerged:
Build a cyber-aware culture:
Oftentimes, leadership can’t visualize how cybersecurity can impact the bottom-line or think cybersecurity insurance is enough to cover damages. Therefore, they don’t prioritize or put funding towards it. Companies can appoint a Chief Information Security Officer to oversee cybersecurity initiatives and ensure it’s integrated and communicated throughout an organization. The Hahn team undergoes quarterly cybersecurity reviews with Silent Quadrant to ensure proper security controls are in place and operating effectively. Our team acts as a human firewall by training monthly on how to recognize and respond to threats.
Build a joint cyber rapid response plan with regular updating and testing:
Cybersecurity is an ongoing investment and requires time and funds for regular updates and maintenance. However, the cost outweighs potential risks, affecting jobs, operations, reputations and client trust. Many companies believe the chances for a data breach are low or their current security measures are sufficient. Unfortunately, as we saw with the disastrous Colonial Pipeline hack, even just one attack can come with severe effects. Hahn’s information security program is built upon the Silent Quadrant Cybersecurity Framework, which exceeds National Institute of Standards and Technology standards. With the help of a cybersecurity expert and rapid response workshops, companies can build a functional plan and continually assess one’s current security posture by testing for vulnerabilities.
Build an effective method to communicate the plan:
For a cyber rapid response plan, remove any technical jargon which could be misinterpreted or lead to confusion. Make sure everyone fully understands the procedure, roles and responsibilities. Hahn, with Silent Quadrant’s support, teaches clients to make security best practices instinctual by inviting internal stakeholders –– from legal and human resources to procurement and environment, health & safety –– to the training table.
Make the Cybersecurity Connection with Experts
Having an aligned, companywide cyber rapid response plan will help companies respond more quickly to cyber attacks, deliver consistent communication to internal and external stakeholders and take timely remedial actions.
If you’re interested in learning more about how to create a cyber-aware culture and build a cyber rapid response plan, register for our new Cybersecurity Rapid Response Workshop.