‘Reputation, reputation, reputation! O, I have lost my reputation! I have lost the immortal part of myself, and what remains is bestial.’ So says Shakespeare’s Othello and not many were more jealous or proud of guarding their reputation than the warrior Moor was – or more devastated and damaged by its loss.
Today, most enterprises are just as precious about their reputations. Lose that through poor practices and unsound judgment, they realise, and they may never win back the trust they have striven for so tirelessly from both their customers and the industry. And when trust is lost, reputation is undone. How badly? According to Edelman’s 2014 Trust Barometer, 53% of people surveyed in the UK refused to buy products from distrusted companies, while 56% of them would criticise the company to a friend, with 30% sharing negative opinions online.
As cyber-attacks continue to evolve, and data breaches become all too common, the knock-on cost to businesses is growing. Add social media into the mix and a relatively simple mishap can have a far-reaching impact on the reputation of an organisation or brand. All of which should serve as a warning to organisations everywhere that they need to take every possible action to minimise the risks that today’s threat landscape relentlessly presents to corporate reputation.
So, whether enterprises are rationalising storage or moving to the cloud, identifying and protecting core information (either company IP or customer data), or undertaking compliance projects on stored data, reputational risk must be considered.
Underlying that risk is a powerful information agenda. People want to feel they have the right visibility and control to protect their company’s key information. We, at Symantec, operate at the heart of that proposition. We are the only people that serve a company from the birth to death of information. We are there at every stage. Moreover, our constant monitoring of the threat landscape means we know where the greatest risk for businesses is concentrated at any time.
Reducing the level of reputational risk is fundamental to business practice, because information is today’s currency – the lifeblood of an organisation – and, being such a highly valuable commodity, there are ever more incidents targeting that information. Therefore understanding exactly what information an organisation needs to protect has never been more critical.
While the hyper-connected world brings numerous benefits, it also presents significant business and success risks to an organisation’s reputation. With both external and insider threats increasing, the business and its board need to understand today’s cyber risks, in order to prioritise, manage and balance these. Enterprises must recognise it is not only IT failures, threats to data security and cyber-attacks that must be taken into account, along with their immediate financial impact, but also the longer-term risk to reputation. Most worrying is the apparent lack of awareness of the scale of the damage that can be done by a successful attack.
It needs to change – and quickly; because, while cyber risk has traditionally been a problem owned by IT experts, that is no longer the case. With far harsher EU-wide regulatory penalties now receiving support from the European Parliament – and the general public much more privacy-aware – companies and the board need to anticipate and prepare for an increasingly tougher environment in the coming years and with this the potential for ever-increasing reputational damage.
Enterprises need to put the right measures in place to shore up their defences. They need to enable cross-team working to ensure the potential financial reputational impact from cyber risk and IT incidents is delivered to the board in a consistent and transparent manner. Most importantly, risk planning needs to adopt a collaborative approach across teams, so the impact of cyber risk is clearly recognised and understood – not just on the bottom line, but equally on a company’s reputation.