By Jeff Hahn, principal of Hahn, and Kenneth Holley, Principal and chairman of Silent Quadrant
With the increasing unpredictability and sophistication of cyber threats, IT and communications departments must align and build a joint cybersecurity strategy to protect client information and stakeholders from costly negative impacts.
Statista reports between 2023 and 2028, the global estimated cost of cyber crime is forecasted to increase by $5.7 trillion. By 2028, the cost of cybercrime worldwide is estimated to more than double to $13.82 trillion.
To further understand what may be causing a disconnect between IT and communications departments on prioritizing cybersecurity, Hahn and Silent Quadrant interviewed senior-level communication executives and IT professionals across the U.S.
Among the majority of participants, the findings showed the current level of cyber attack preparedness is low with unclear implementation. A majority of IT respondents had a rapid response plan in place but didn’t know how or who was responsible for communicating it. Most of the communications executives admitted never seeing a rapid response plan, or if they did, it was confusing.
In terms of prioritization, out of eight items, cybersecurity was ranked fifth overall. All participants mentioned their companies prioritized other goals over cybersecurity, such as client satisfaction and business growth. However, most participants agreed cybersecurity should be a higher priority because of its potential to affect core business operations.
For most participants, cyber attacks are handled internally until external resources are needed. When determining whether to bring in an external vendor, IT considered expertise and certifications, while communications focused on confidentiality. Smaller companies who may not have the right expertise in-house are more likely to hire an external vendor.
It’s often unclear what steps a company can take to persuade leadership on the importance of cybersecurity and effectively build and communicate a plan. Following the survey, three key solutions emerged on how to bridge the cybersecurity gap between IT and communications departments.
Build a cyber-aware culture:
Oftentimes, leadership can’t visualize how cybersecurity can impact the bottom-line or think cybersecurity insurance is enough to cover damages. Therefore, they don’t prioritize or put funding towards it. Companies can appoint a Chief Information Security Officer to oversee cybersecurity initiatives and ensure it’s integrated and communicated throughout an organization. The Hahn team undergoes quarterly cybersecurity reviews with Silent Quadrant to ensure proper security controls are in place and operating effectively. Our team acts as a human firewall by training monthly on how to recognize and respond to threats.
Build a joint cyber rapid response plan with regular updating and testing:
Cybersecurity is an ongoing investment and requires time and funds for regular updates and maintenance. However, the cost outweighs potential risks, affecting jobs, operations, reputations and client trust. Many companies believe the chances for a data breach are low or their current security measures are sufficient. Unfortunately, as we saw with the disastrous Colonial Pipeline hack, even just one attack can come with severe effects. Hahn’s information security program is built upon the Silent Quadrant Cybersecurity Framework, which exceeds National Institute of Standards and Technology standards. With the help of a cybersecurity experts and rapid response workshops, companies can build a functional plan and continually assess one’s current security posture by testing for vulnerabilities.
Build an effective method to communicate the plan:
For a cyber rapid response plan, remove any technical jargon which could be misinterpreted or lead to confusion. Make sure everyone fully understands the procedure, roles and responsibilities. Hahn, with Silent Quadrant’s support, teaches clients to make security best practices instinctual by inviting internal stakeholders –– from legal and human resources to procurement and environment, health & safety –– to the training table.
Having an aligned, companywide cyber rapid response plan will help companies respond more quickly to cyber attacks, deliver consistent communication to all stakeholders and take timely remedial actions. This is a necessary responsibility as gatekeepers of client information to provide that level of security and trust.
About the Authors
Jeff Hahn is the principal of Hahn, an Austin-based predictive marketing firm, and author of Breaking Bad News. He is a crisis communication expert with 30 years experience in communications and public relations. He can be reached on LinkedIn or by email at jeff.hahn@hahn.agency.
Kenneth Holley is the principal and chairman of Silent Quadrant, a digital protection agency. He founded Silent Quadrant in 1993, and since then, it’s delivered incomparable digital security, digital transformation, and digital risk management within the world’s most influential government affairs firms, associations, and US businesses. With a particular focus on infrastructure security and data protection, he’s assisted many clients, including foreign sovereignties, ensure brand and profile security. He can be reached on the Silent Quadrant website, LinkedIn or by email at kenneth@silentquadrant.com