InfluenceChronicles.com -- With cybercrime against U.S. corporations increasing beyond already epidemic levels, its victims remain largely ambivalent about when, why and how to communicate about it.
According to the advocacy group Privacy Rights Clearinghouse, U.S. companies have been hit with more than 2,600 significant network hacks and breaches since 2010. Yet the Wall Street Journal reports that in that same period, barely one percent of all publicly traded corporations disclosed any cyber-crimes in their Securities Exchange Commission filings – an apparently glaring contradiction in this era of hyper-transparency.
For some of these companies it’s also a precarious position. Consider the potential fallout should a company be forced by events or law to disclose a significant data breach, which in turn unveils previous incidents that were kept hidden from investors and customers.
So why are so few companies not communicating beyond what's required by current disclosure regulations? Here’s one reason: As a reputation risk management problem, a network hack or data breach constitutes a uniquely complex corporate PR crisis:
It’s no wonder that senior execs are more concerned with managing cyber threats than with almost any other risk to their companies’ reputations.
And it’s why many tried-and-true rules for crisis communications no longer apply.