Currently, the vast majority of our crisis exercises and simulations involve cyber-crime. A few years ago bird flu was the threat of choice, these days chickens don’t feature.
So it was interesting to attend an Ipsos MORI event looking at Cyber-crime and Corporate Reputation.
Pollsters may be a little out of fashion having failed to predict the outcome of the last general election and scoring pretty badly on the result of the EU referendum, but these findings on cyber-crime certainly bear looking at. As the title of the event suggests they were principally concerned with cyber-crime’s effect on corporate reputation and how companies should respond.
Their insights were based on findings from three groups: Senior corporate communicators, MPs and business and finance journalists and the general public.
The first two groups were asked what represented the greatest threat to corporate reputation.
The communicators found that a cyber security breach (42%) tied in first place with poor quality products and services as the major reputational threat companies now face. Tellingly, one of the respondents wrote: “When the IT guy calls me there is a good chance he will tell me something that I really don’t understand.” To support this comment another poll suggested that senior management had little understanding of the risks posed by cyber-crime.
MPs ranked poor quality products and services just ahead of a cyber security breach as the major threat; the journalists had poor customer service on 48% and cyber on 47%.
An MP made a salient point about how quickly the effects of a cyber-attack can be felt: “Poor service, poor products or false claims can have an effect over a period of time. If you have a cyber security breach, your reputation can be in tatters the next day.”
The public were asked their views on how companies deal with a cyber-crime. Trust was a key issue, with 47% of those polled having confidence in large organisations to keep their customer data safe.
Drilling down a little deeper it becomes more interesting, not to say confusing. When asked if they might boycott a company after a hack, 56% said they might.
However, they were then asked if they had ever stopped using a company for a variety of reasons which included: providing poor service, unfair fees and hidden charges, treating workers unfairly, losing customer data etc. Only 12% of respondents highlighted a cyber breach as a reason for moving their custom elsewhere.
During a discussion on the best way for business to safeguard against cyber-crime, preparedness came top. This was seen to include business continuity and crisis management plans and plan testing simulations. Coordination and collaboration across industry were also promoted as a way towards hampering attacks though how likely businesses are to share sensitive cyber intelligence with their competitors remains a moot point.
As Ipsos MORI’s poll results indicate, a cyber-attack can cause a severe dent in a company’s corporate reputation which is then often reflected in its balance sheet. Of course it must be borne in mind that a loss of reputation is not always a by-product of a cyber-attack; it might be the very reason for the attack in the first place.