When it comes to cyber incidents in the maritime industry companies often focus on the operational side of things. Afterall, shipping-related cyber risks that can compromise information systems, may result in operational, safety, and security failures.
Or companies might focus on the financial implications of a breach, such as ransoms or fines and compensation. Financial costs are increasingly critical as global legislation concerning data and privacy strengthen.
But what about the other risks and consequences of cyber incidents that often get less attention? What about the impact on corporate reputation?
Being resilient in the face of a cyber incident means much more than investing in cyber security and crisis readiness protocols. Shipping companies must also consider their crisis communications and media engagement plans to ensure they’re ready to minimise incorrect attribution of responsibility and protect their reputation.
A company reputation takes time, effort, and consideration to build. Customers and the public base many of their decisions on their perception of a brand. Having a good, strong company reputation is a significant asset. However, unfortunately, it is much easier to lose a good reputation than it is to lose a bad one.
The reputational repercussions of a cyber incident tend to last longer and have a greater impact than the singular fine or short-term impact on operations. Trust is one of the key drivers of business success and when your customers don’t trust you with the things that matter, like security and data, they won’t want to do business with you, resulting in major implications for your bottom line.
The reputational impacts of a cyber incident can linger long after the financial or operational shortfalls are resolved – in some cases corporate reputations never recover.
There are many moving parts and questions when you’re in the midst of a cyber incident. Your organisation is most likely trying to protect itself from any further compromise, identify the root cause of the attack, determine the extent of damage, and much more. However, there is always a risk you are doing all these things under media and public scrutiny.
Businesses who deal with their crisis in the media spotlight, tend to experience an immediate reputational impact and, depending on the extent of the cyber incident, companies may find themselves on the front pages of newspapers. Even if your cyber incident doesn’t become the biggest headline, you still risk your company name going viral on social media.
How your organisation behaves once the crisis hits matters. A lot is riding on how you disclose and remedy a cyber incident. Customers, authorities, partners, and society are all concerned about your company’s ability to secure systems going forward. Hence, it is critical to communicate with your audiences during a cyber incident to reassure them of your capability to handle the problem.
Some businesses believe that not every cyber incident has to be disclosed, or that it can’t happen to them. Both are major problems as cyber incidents and data breaches are globally considered a regulatory issue, including by the International Maritime Organisation. Without having proper processes in place to shape your crisis response and crisis communications, your organisation cannot protect its reputation and is constantly at risk.
With the right plan and effective crisis communications, your organisation can survive the initial blowout and successfully navigate the crisis, meaning the lasting impact of the event may not be as bad as you might imagine. But remember, even though you can mitigate the reputational impact of a cyber incident, it is always better to invest in preventative measures that protect you from one in the first place. Being prepared for a cyber crisis also means your organisation reduces the risks to your reputation.