Posted by CN - February 26, 2017 - Crisis Preparedness, News & Analysis, Risk Management
Late last week, internet service provider Cloudflare disclosed that a software bug allowed its system to embed bits of sensitive customer data in as many as 120,000 web pages it served per day for the past five months.
Even though the resulting damage likely will be minimal, the story serves as a reminder about the breadth of risks companies must manage.
You’re Accountable For Your Cyber Supply Chain
A company’s cyber supply chain can harbor just as much brand risk as supply chains in the brick and mortar world. In the 1990s, apparel firms learned that consumers held them accountable for their global supply chains, which were very complex and in some cases involved some unsavory subcontractors several levels down in the chain. Among other things, the melamine crises of the last decade proved the same is true in the consumer products industry.
In the constant battle to maintain security of information and cyber systems, companies will be held accountable for the integrity and security of their suppliers’ systems. Cloudflare is getting the news coverage now, but if anything really bad happened as a result of this situation, it would be the company’s clients – such as Uber, Cisco, Nasdaq, OkCupid, and Salesforce – whose brands could sustain the damage.
Teams responsible for cyber security and brand protection at major companies need to include this in their risk identification and mitigation calculus, as well as their crisis preparedness plans.
Putting It All In Context
Cloudflare handles about 10 percent of all internet traffic – billions of page requests every day. According to the company, the bug affected only one in every 3.3 million page requests. And when it did happen, the embedded private information would most likely have gone unnoticed or been unintelligible to the recipient.
Furthermore, the company responded immediately, issuing a preliminary fix within an hour and providing a permanent patch within seven hours, according to Wired.
Still, a number of Cloudflare’s corporate clients will have to make determinations about whether to notify their customers.
Posted by CN - October 1, 2010 - Crisis Management, Crisis Preparedness, Issues Management, Litigation Communications, News & Analysis, Public Affairs, Quick Thoughts, Risk Management, Theory & Practice
Today’s CEOs face an unprecedented set of threats that go way beyond the cutthroat competition and organizational challenges normally in the purview of corporate leaders.
- Underlying operating risks can explode into catastrophes with little or no warning.
- Political interest groups and activists attack high-profile brands to drive attention to their causes.
- News reports and scientific studies identify new health risks every day.
- Issues like global warming are changing the way consumers, governments, companies, special interests, and markets behave and interact.
- Governments are dramatically reshaping the business environment, creating political risks and operating pitfalls for companies.
- The public constantly questions whether companies are prepared for disaster.
- Minute-by-minute media reports feed the public’s insatiable appetite for stories of scandal, tragedy, incompetence, greed, and conspiracy.
- Shareholders can turn instantly on companies that don’t create wealth each quarter.
As they face these circumstances, how companies interact with their stakeholders makes all the difference. When successful, they can reassure people and build loyalty, even in bad situations. When they fail, they may alienate customers, employees, or business partners enough that the business can’t survive. After all, companies can’t exist if their customers, employees, and other stakeholders won’t do business with them. And government regulations, whether appropriate or not, can stifle a company’s ability to turn a profit.
Risks, Crises, Contentious Issues, and What Companies Can Do About Them
To minimize the impact of risks, crises, and social issues, corporate leaders need to several things:
- Assign a senior executive formal responsibility for:
- Coordinating all the protective functions within the company
- Building and maintaining a comprehensive corporate perspective about the full spectrum of threats that could affect the business
- Establish a system for listening to stakeholders and anticipating issues and potential crisis scenarios
- Determine and make the appropriate investments in preparedness
- Ensure all employees take responsibility for safety and protecting the company
- Identify opportunities to shape social issues either to the company’s benefit or to minimize the issues’ potential impact
- Retain external crisis management and issues management advisers to provide unvarnished counsel to management
With these ideas in mind, The Crisis Adviser offers an opportunity to delve into these ideas more thoroughly. The Advisory section will include thoughts on current events in the News & Analysis posts, as well as more theoretical posts in the category Theory & Practice. I hope you find it thought provoking and helpful. And if you have any thoughts or questions, feel free to contact me or post your thoughts on the site.
