September 7, 2016

Companies must start planning now to comply with tech-security regulations


This article originally appeared in PR Week.

The date 9/11 is firmly etched in the history books for all the wrong reasons. On that fateful day, four co-ordinated terrorist attacks on sites in the US killed 2996 people and injured more than 6000, changing the dynamics of risk as perceived by governments and corporates the world over.

Remarkably, just 15 years ago many of us didn’t even own a mobile phone and certainly not a smartphone. I remember being huddled around a (terrestrial) TV screen in the office watching the shocking news unfold – Facebook hadn’t yet been launched and the internet was in its relative infancy.

At the time there were only 361 million internet users, just 5.8 per cent of the world’s population; most of us were still consuming news via traditional channels. Today, there are more than three billion – 42.7 per cent of mankind.

If such an atrocity were to happen again, the dissemination of news would be immediate and almost certainly citizen-driven rather than media-driven.

Since then, the corporate communications landscape has had to evolve almost beyond recognition. Genuine, two-way, multichannel collaboration with all internal and external stakeholders is now vital both in ‘peacetime’ and during a live crisis, if an organisation is ever to truly understand and mitigate its risks.

Ask any corporate risk committee and one would now expect to see business interruptions caused by unforeseen external threats appearing somewhere on their radar. Whether it’s airport disruption or city-centre chaos, even those not directly in the line of terrorist action can be affected and need contingency plans. Only by working collaboratively can we all gain comprehensive ‘horizon-scanning’ intelligence and get the right mitigation plans in place.

But what about the threats lurking closer to home? While technological advances have helped reduce certain risks (remember the floppy disks and CDs of data we used to carry around?), they have also brought newer, arguably larger, risks. According to a UK government survey, 90 per cent of big organisations experienced some kind of cyber-security breach last year alone – up from 81 per cent in 2014.

With areas of cyber vulnerability ranging from small-scale internal-system fraud to high-profile data-security breaches, there’s an urgent need for boards to become cyber-literate. They need to be asking the right questions of their colleagues and suppliers to ensure these emerging risks are mitigated.

The new cyber-security and data-privacy laws give directors a £17m reason to get their posture right. Organisations must start taking key steps now to enhance their tech security before new regulation hits in May 2018. Corporate communications professionals have a key role.

Corporate communications professionals are often the facilitators of collaborative, cross-functional discussions about opportunities, so why not extend this to risk? Whether it’s terrorist attacks, an internal governance-related issue or a cyber breach, we all have a part to play in building business resilience.