Government, media and public reaction to Yahoo's massive data breach could do for cyber-privacy what The Jungle did for the meat-packing industry.
Congresspeople are again calling for a notification standard requiring consumers to be told about a data breach "in a more timely manner," a phrase that means nothing until lobbyists and activists representing a dozen different agendas fight it out. But there will be some form of federal regulation, where none exists currently.
Read on below about the four considerations that make cybercrime a uniquely complicated corporate PR crisis:
Bad News Handbook -- With cybercrime against U.S. corporations increasing beyond already epidemic levels, its victims remain largely ambivalent about when, why and how to communicate about it.
According to the advocacy group Privacy Rights Clearinghouse, U.S. companies have been hit with more than 2,600 significant network hacks and breaches since 2010. Yet the Wall Street Journal reports that in that same period, barely one percent of all publicly traded corporations disclosed any cyber-crimes in their Securities Exchange Commission filings – an apparently glaring contradiction in this era of hyper-transparency.
For some of these companies it’s also a precarious position. Consider the potential fallout should a company be forced by events or law to disclose a significant data breach, which in turn unveils previous incidents that were kept hidden from investors and customers.
So why are so few companies not communicating beyond what's required by current disclosure regulations? Here’s one reason: As a reputation risk management problem, a network hack or data breach constitutes a uniquely complex corporate PR crisis:
It’s no wonder that senior execs are more concerned with managing cyber threats than with almost any other risk to their companies’ reputations.
And it’s why many tried-and-true rules for crisis communications no longer apply.
Influence Chronicles Blog
Field notes on the forces and sources of public truth.
Influence Chronicles blog and executive e-letter are published by SilversJacobson, a corporate reputation and crisis management firm based in Denver and Washington, D.C. Call anytime at (720) 645-1164.
To submit ideas, articles or other material for future posts, please send with name and phone number to input(at)influencechronicles.com. And it's more likely that we'll consider submitted posts if they have something to do with what our blog is about. Just sayin'.