As Warren Buffett once said: “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”
While the financial impacts of a cyber-attack are obvious – US retailer Target revealed a worse than expected fall in first-quarter profits following a data breach earlier this year and eBay’s shares slipped 0.2 per cent, compared with a 0.9 per cent rise in the Nasdaq Composite Index, on the day the online auction site revealed that customer data had been compromised and have fallen 3.5 per cent since – the reputational and other impacts are harder to quantify.
“There is a lot more to consider than just the financials when it comes to cyber security,” says Brickendon director James Baker. “Reputation accounts for a lot in the business world.”
eBay was quick to assure the market that despite the details of 145 million of its customers being compromised there had been no breach to its online payments service PayPal and that no customer account details had been divulged. Still, some customers are expected to be deterred from using the online auction site, at least for a while until the dust settles.
RBS suffered a similar fate late last year after a series of computer glitches locked hundreds of customers out of their accounts on one of the busiest shopping days of the year. Trust in the brand plummeted.
Companies are however starting to take note. A new report by law firm Schillings, found that reputation risk management is moving up the corporate agenda, with company directors dedicating more time to the issue than ever before. Of those interviewed, 17 per cent have started to treat the management of reputation risk as a separate function with formal reporting to the board, and some companies have restructured their leadership teams and reporting systems. Five FTSE 100 companies have even introduced steering groups to focus on reputation risk.
According to industry experts, firms with strong positive reputations attract better people, are perceived as providing more value and their customers tend to be more loyal and buy a broader range of products. In addition, they have higher price-to-earnings multiples, increased market value and lower costs of capital because the market believes such companies will deliver sustained earnings and future growth.
This is increasingly prevalent in an economy where three quarters of market value comes from hard-to-assess intangible assets such as brand equity, intellectual capital and goodwill. As a result, organisations are especially vulnerable to anything that damages their reputations.
So what do companies need to do to avert such attacks to their cyber systems and in turn limit the damage to their reputation. “Firms need to deploy active defences to uncover attacks proactively,” says Baker.
“There is a massive amount of information available about potential attacks, both from external intelligence sources and from an institution’s own technology environment.
“Increasingly companies will need to develop capabilities to aggregate relevant information and analyse and tune their defence systems accordingly.
“An inadequate response to a breach by all parts of the business, including public affairs and customer service functions, can be as damaging as the breach itself.”
In the end, preventing a cyber-attack is like a virtual game of cops and robbers: the aim of the game is to convince the curious burglar that if they want the 32” television screen they will have to fight a loud dog and a home security system first.
Brickendon has a specialist cybersecurity team of consultants, including qualified ethical hackers. To find out what we can do for your business, click on btcwebdev.wpengine.com