United Kingdom

Reputational damage and cyber risk go hand in hand

Aon report reveals 2019’s biggest cyber threats to business

Aon’s James Trainor – former FBI Assistant Director of the Cyber Division in Washington DC – explains how cyber risk has become much more than just an operational threat to businesses and can now have a real and lasting impact on a company’s reputation.

Aon’s 2019 Global Risk Management Survey rates damage to reputation/brand and cyber as the number one and number three risks respectively for UK businesses. These findings come as no surprise to me based on my years working in the cyber field and how a company’s brand and reputation is inextricably linked to how it manages and mitigates its cyber risk.

Just take a look at some of the major data breaches over the last three to five years. Not only do companies suffer significant financial losses to remediate those events such as regulatory fines and liability expenses, but companies also suffer reputational brand harm that could impact their stock value and their ongoing ability to keep and attract customers.

 

Stock slides

Take banking group Capital One for example, which recently suffered a data breach involving 100 million customers in the US and Canada and issued a statement confirming the likely costs to its business of dealing with the incident would be around US$100-US$150 million to pay for “customer notifications, credit monitoring, technology costs, and legal support.”

Just as damaging however was the immediate reputational damage which can be seen through the hit on the share price. In the immediate aftermath of the news of the breach, the company’s share price had slid by 6%, with one analyst reported as saying: “This headline is not a good one for Capital One. We worry about longer term reputational damage and also the potential for political and regulatory actions, including penalties.” 1

The longer-term impact on reputation can’t be ignored either. According to Aon and Pentland Analytics’ report Reputation risk in the cyber age, the impact of cyber attack on shareholder value can be substantial and sustained with some companies in the report showing a fall of 25% in their market value over the year following an attack.

Customers leave

Of course, it’s not just shareholder value that is a marker of how reputation and brand have been hit. What do the customers think? One of the UK’s highest profile cyber attacks in recent years was on telecommunications firm TalkTalk which revealed that the personal details of over 150,000 customers had been hacked. In addition to the immediate cost of dealing with the incident, the company lost over 100,000 customers (as well as over a third of its company value)2. That is some reputational damage to repair and for many businesses that damage can be terminal.

Be proactive

For businesses of all sizes, managing their cyber risk is critical which means continually assessing their cyber risk profile and proactively managing their defences. But it’s also vital that they take steps to mitigate the impact that a cyber attack could have on their reputation and brand which demands a proactive approach involving an effective and instant crisis communications response.

Creating perceptions of honesty and transparency are essential if the business is going to hold on to its customers and avoid a short-term reputational hit becoming a long-term reputational disaster.

1 https://www.cnbc.com/2019/07/30/capital-one-shares-dive-after-data-breach-affecting-100-million.html

2 https://www.aon.com/getmedia/2882e8b3-2aa0-4726-9efa-005af9176496/Aon-Pentland-Analytics-Reputation-Report-2018-07-18.pdf?utm_source=aoncom&utm_medium=storypage&utm_campaign=reprisk2018