USA – ILLINOIS Trends and Developments Contributed by: Jamie Singer and Meredith Griffanti, FTI Consulting, Inc.
FTI Consulting, Inc. 227 West Monroe St, Suite 900 Chicago, IL 60606 USA
Tel: +1 847 414 1377 Fax: +1 312 759 8119 Email: jamie.singer@fticonsulting.com Web: www.fticonsulting.com
So then why do some victim companies wait to engage cybersecurity crisis communications advisors far later in the incident response process, or sometimes not at all? The short and most logical answer is that cyber- security crises are simply a lot more common than they used to be – so some victim organi- sations feel more comfortable “going it alone.” These incidents have gone from being black swan events to normal course disruptions in today’s day and age. And, most companies have templates, various plans in place, and are in fact fairly well resourced when it comes to their internal communications and marketing teams, who are adept at handling the types of crises most synonymous with their respective industries. Another reason victims wait to bring in cybersecurity crisis communications advisors far later in the game is that they do not think they have “communications issue” until the first media inquiry rolls in. However, tapping into outside perspective from crisis communications specialists, who are well- versed in the cybersecurity threat landscape and know the rhythm of the incident response pro- cess, is key to maintaining stakeholder trust in the short term and protecting reputation over the long term. In-house professionals may see
Why a Communications Team Cannot Go It Alone in a Cybersecurity Crisis The case for hiring cybersecurity crisis communications specialists When an organisation becomes aware of a potential cybersecurity event, their leadership teams are often quick to engage a number of outside advisors within the first 24 hours: their outside counsel who specialises in cybersecu- rity incident response and breach notification laws; technical experts experienced in remedia- tion, recovery and forensics investigations; and ransom negotiators trained in how to effectively dialogue with various threat actor groups. The engagement of outside experts is with good rea- son. Cybersecurity incidents, especially ransom- ware attacks involving severe operational disrup- tion, are unique and nuanced events. They are whole-of-business issues and oftentimes result in class-action lawsuits, regulatory fines, down- ward pressure on share prices, eroded custom- er trust and decreased employee engagement. Cybersecurity matters bring significant, multifac- eted risk to organisations – operational, financial, legal and reputational.
173 CHAMBERS.COM
Powered by FlippingBook