While the immediate cost of a cyberattack is the ransoms or business loss, in the long-term, these attacks can break the trust that a brand may have developed with its consumers over years. Besides existing customers, a cybersecurity breach could make potential consumers, partners and investors wary of the company’s ability to run its business safely.
The internet was never a safe place, but in the last year it has become a landmine of notorious cyber threats—and to navigate this challenge, companies need more than just investment in security.
In 2020, India alone saw a 300% increase in the number of cyberattacks. The trends across the world were pretty similar and companies in the banking, financial services, and insurance (BFSI) sectors have been hit disproportionately.
“Outside the health sector, the financial sector has the largest share of cyber events classified as Covid-19-related in recent months,” the Bank for International Settlements said in a bulletin published in January. The international financial institution, which is owned by central banks and fosters international monetary and financial cooperation, said that a survey of financial institutions had found “a substantial rise” in phishing, suspicious scanning and malicious activity; and payment firms, insurance companies and credit unions had seen the strongest increase in hacks.
Cybercrime increased mainly because businesses were vulnerable in 2020 as they tried to adapt to remote working models due to the Covid-19 pandemic. Now, as remote working becomes the norm in several industries, such threats continue to loom large.
There is definitely a case for companies to up their cybersecurity game, and for cybersecurity firms themselves to step up to the challenges of this new world, but these attacks have one serious cost that’s often overlooked: the erosion of brand value.
While the immediate cost of such attacks are the ransoms or business losses, these crimes can break the trust that a brand may have developed with its consumers over years. Besides existing customers, a breach could make potential consumers, partners and investors wary of the company’s ability to run its business safely.
Companies across sectors run this risk, but the reputational cost of such incidents is much higher for those in the banking, financial services, insurance (BFSI) and fintech businesses as they hold the most sensitive data of retail and corporate customers.
BFSI companies are also at a higher risk right now as the Covid-19 pandemic has increased the adoption of technology in payments.
A growing problem
The pandemic has provided a big push to digital commerce. As people avoid human contact given the threat of Covid-19, transactions in traditional digital modes like net banking and mobile wallets have gone up, and next generation modes such as QR codes and contactless credit cards have become mainstream.
To keep pace with the new trends, many companies in the BFSI space have either already forged partnerships with other firms to expand their contactless payment offerings or are scouting for partners who can bring newer technologies to them.
When two financial firms tie up, both may not have the same cybersecurity standards. In such a situation, a company that has not taken cybersecurity seriously or not made enough investments to protect itself, could put the other partner at risk.
In addition, customers are now shopping online more than ever before, using their credentials on all kinds of portals and apps, which adds another layer of vulnerability for banks and fintech firms.
Reputational risk versus brand risk
The best way to ensure higher safety for their customers is communication. Proper marketing can not only stop BFSI customers from falling prey to such attacks, but even if the breach takes place, effective communication can help a company defend its brand.
“In the case of a breach, a trusting relationship requires that companies are transparent and forthcoming when mistakes inevitably happen,” researchers from the University of Virginia wrote in a 2017 paper titled The Impact of Cyber Attacks On Brand Image: Why Proactive Marketing Expertise Is Needed for Managing Data Breaches.
The researchers noted that the breach of data is not the only factor that would impact a consumer’s perception about the brand. “The response and actions that the brand takes after the crisis can have important ramifications,” they said.
A company’s inability to effectively communicate with their customers, or the use of a marketing strategy that denies the responsibility of an attack could backfire for firms. “The failure to prevent a data breach is one issue; the failure to manage the aftermath effectively can create an even greater level of mistrust,” the researchers said.
So, how can a BFSI company utilise marketing as a tool to protect its brand in the event of a cyberattack?
- Be proactive: Any company that cares for its customers needs to reach out to them and tell them that their security has been compromised. This could give customers the option to change passwords or move their money to other safer avenues. While it could be disruptive for the business in the short-term, in the longer term, it proves to the customers that the company cares for them even at its own cost.
- Be transparent and upfront: While it might seem counterintuitive, it is important to inform customers of what exactly happened. Instead of keeping them in the dark and hoping no one would ever find out the truth, open and proactive communication should be used as a powerful tool to rebuild trust.
- Crisis communication to a Cohesive communication: Traditionally, crisis communication kit is used by Corporate Communication/ PR department in such cases. But instead of sounding alarm bells the communicators needs to more inclusive and cohesive by being transparent and have a balanced tone, addressing the issue.
- Follow up communication: Once the immediate crisis is averted, the customers deserve to know what transpired and how much damage was done. A follow-up communication could prove to be pacifying and calming for customers.
- Use PR and thought leaders to communicate: The IT team is for technical work, not for communications. So, talking about a breach should not be left to the CISO. The company’s leadership should come out and put their weight behind the communication. Afterall, it’s not just a tech problem, it’s a brand reputation at risk.