Cybersecurity and Risk Expert Says Brands Should Make Better Crisis Management Plans
All publicity is good publicity, right? Many aggressive CMOs may agree, but it is hard for this adage to hold given the kind of scathing publicity one major credit bureau got this past week. Their data breach quickly became a brand breach — and a crisis for the company and their entire sector. Unfortunately, the key difference between that company and your company is that their data breach is public.
Lisa Hook, CEO of Neustar, moderated this timely conversation with Rodney Joffe, Senior Vice President and Fellow, who has served on the FCC’s Communications, Security, Reliability and Interoperability Council (CSRIC). This conversation focused not only on the threats that companies face, but also on how CMOs can — and should — lead within their organization to proactively mitigate these brand breaches. As Joffe put it:
“Companies need to prepare a crisis management plan upfront. The wrong time to develop a plan is in the middle of a firefight.”
So if a company, such as a major credit bureau, that is likely sophisticated with cybersecurity and is ostensibly adept at managing sensitive data, can be so vulnerable, then what should other companies do?
First, Joffe says, CMOs need to get to know their CIO — someone whom they likely rarely interact with. The CMO and CIO should develop the crisis management plan on behalf of the company, pulling in the right people internally and, if needed, the right external consultants. They also need to ensure that the crisis management team meets at least bi-weekly. Otherwise, that team will not have the muscle memory to react in a timely fashion during a data breach.
The next step a CMO should take is to reach out to counterparts at their competitors. In most circumstances, this would be discouraged for business and legal reasons. Fortunately, the government will provide safe harbor against industry collusion when collaborating to protect consumers in this case.
Companies in the same industry likely have similar data collection, management, and usage dynamics, so there is no better outside entity to plan with. Moreover, a data breach at one company erodes consumer confidence with others in their sector. Even though data at only one credit bureau was breached, consumers are concerned about their data at all three credit bureaus. In this case, cybersecurity is not a company’s competitive advantage meant to be safeguarded, but collectively an industry’s risk that needs to be addressed. In this landscape where data breaches continuously make front-page headlines and the CMO is the foremost steward of the brand, it is incumbent upon the CMO to lead their company’s data breach crisis response plan.
What’s your plan?