In the wake of the SEC‘s adoption of new cybersecurity rules, PR, communications, and marketing professionals play a crucial role in helping businesses navigate the evolving landscape and maintain trust with stakeholders. Here’s what they should do to address cybersecurity concerns effectively:
#1 – Craft Clear and Transparent Cybersecurity Messaging:
“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”
As a proactive measure, PR and communications teams must work closely with the cybersecurity and legal departments to craft clear and transparent messaging about the organization’s cybersecurity practices. This messaging should outline the measures taken to protect sensitive data and the company’s commitment to safeguarding stakeholders’ interests. Emphasize the implementation of strong cybersecurity measures, employee training, and proactive risk management to reassure investors, customers, and partners.
#2 – Prepare for Incident Response Communications:
Despite robust cybersecurity measures, incidents may still occur. PR and communications professionals should collaborate with the cybersecurity team to develop a comprehensive incident response communication plan, in advance. This plan should outline how the company will respond to a cybersecurity incident, whom to contact within the organization, and how to communicate with stakeholders, including customers, partners, and the media. Quick and transparent communication during such incidents can mitigate reputational damage and instill confidence in the company’s ability to handle crises effectively within the required timeframe:
“In most cases such reports will be due four business days after the company decides that an incident is material. The company will be able to delay making the disclosure if the US Attorney General determines that revealing the incident would pose a substantial risk to national security or public safety.” wrote Ben Maiden, IR Magazine.
#3 – Educate Employees on Communicating Cybersecurity:
Employees are not only the first line of defense against cyber threats but also potential sources of cybersecurity incidents through unintentional actions. PR and communications professionals should work with HR and cybersecurity teams to provide regular training on secure communication practices. Employees should be aware of the risks associated with sharing sensitive information and the importance of following established communication protocols.
#4 – Highlight Cybersecurity Initiatives in Marketing Efforts:
Marketing professionals can leverage the company’s strong cybersecurity practices as a competitive advantage. Highlighting robust security measures in marketing materials, websites, and social media platforms can reassure customers and potential clients that their data is safe with the company. Demonstrating a commitment to cybersecurity can also be a selling point in industries where data protection is a significant concern.
#5 – Collaborate with External Experts:
PR, communications, and marketing professionals should establish relationships with external cybersecurity experts, trusted strategic partners and industry influencers. These experts can provide valuable insights and help in crafting persuasive messaging around the company’s cybersecurity initiatives. In times of crisis, having these connections can be invaluable for providing accurate and up-to-date information to the public and the media.
#6 – Stay Updated on Cybersecurity Trends and News:
In the rapidly evolving cybersecurity landscape, staying informed about the latest threats, best practices, and regulatory changes is essential. PR, communications, and marketing professionals should stay updated on cybersecurity trends and news to proactively address potential concerns raised by stakeholders. Regularly communicating the company’s efforts to adapt to new cybersecurity challenges will demonstrate a commitment to continuous improvement.
PR, communications, and marketing professionals are instrumental in shaping how the public perceives a company’s cybersecurity efforts. By crafting transparent and reassuring messages, preparing for incident response, educating employees, highlighting cybersecurity initiatives in marketing efforts, collaborating with external experts, and staying informed on cybersecurity trends, these professionals can help businesses build trust and maintain strong relationships with their stakeholders. The combined efforts of all departments, along with proactive cybersecurity practices, will ensure that businesses not only comply with the SEC’s new rules but also foster a secure and resilient environment for everyone involved.
Never Miss a Chance to Get Ahead
Every leader needs a trusted team of strategic advisors as they navigate challenges in a rapidly changing world. Experience firsthand how the right team can make an impact on your brand and business performance – to request a consultation today, Contact Us.