Data breaches like Uber’s might finally give communicators seat at the table

Data breaches were once solely a problem for the IT department, but as reputation increasingly becomes a make or break factor for brands, Text100 APAC's Karen Wells argues it's time to give comms professionals a seat at the table.

The introduction of mandatory reporting of data breaches under the government’s Notifiable Data Breaches has been discussed at length in IT circles over the last few months. Many of our IT security clients have been discussing how businesses can both prepare for the legislation, and respond in the event of a notifiable data breach.

What’s surprising, however, is the lack of discussion amongst PR leaders. This legislation presents a unique opportunity for communications leaders to step up and show leadership within their organisations, and demonstrate the true business value of a strategic approach to crisis communications.

The true impact of a notifiable data breach will be less about fines levied (although they could be up to $1.8 million), and much more about the damage to reputation and trust. In the US this has already played out for several companies like Chipotle and Target, whose high-profile data breaches directly impacted share prices as a result.

For anyone who might be tempted to play down the risks, know that 90% of a cyber-attack’s bottom-line impact is felt up to two years after an attack. More recently Uber’s high-profile ransomware data breach brought this issue closer to home: its effect on thousands of Australians prompted Timothy Pilgrim, Australia’s Privacy commissioner, to remind the community of the introduction of the Notifiable Data Breaches Scheme early next year.

The legislation will soon become a reality for most Australian businesses, with any organisation with an annual turnover of more than $3million per annum subject to compliance. Are they prepared for this? I fear the answer may, for most of them, still be no.

Breaches do and will happen (all the time)

As communicators, we should assume that breaches will inevitably happen. For most organisations, it’ll take more than 200 days to even realise they have been breached. And all IT professionals know that while you can work towards mitigating risk, you can never eliminate the chances of a data breach altogether. With cyber-security, businesses need to plan for the worst, and hope for the best – which is also the basis of any good crisis communications plan.

Whilst the answer to this challenge certainly starts with data protection and IT security, any risk mitigation strategies also need to be wrapped up in a robust crisis communications plan. When the worst happens, businesses need to respond effectively, and work at speed to mitigate the risk to their brands.

Communications can and should lead the way

To be prepared for the reality of inevitable data breaches, but also a regime of mandatory reporting, businesses will need both a crisis response plan – for example, is the response to ransomware to pay up? – and a crisis communications plan. Clearly there will be overlap, but it’s the crisis communications plan, developed with the clear objective of mitigating the reputational impact of a crisis on the business, that the PR community should drive and own.

This gives communicators a unique opportunity to sit alongside the C-suite, and develop a strategic plan to protect the organisation’s most vital asset: its brand. Communicators already know how to maintain authenticity and trust with multiple stakeholders and publics, even in times of crisis.

Without this kind of plan in place, one which can be adapted and executed at speed in even the most chaotic situation, an organisation is truly exposed, and will undoubtedly learn some hard lessons when the inevitable crisis finally hits. As an industry, PR has spent the past few months talking up what IT must do to stand in the gap when a breach happens. It’s time for us to also practice what we’ve preached.

Karen Wells is VP consulting and services at Text100 APAC.


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.