The financial services sector has been bombarded with a myriad of issues to deal with in recent years. Now, however, an even greater and far more sinister threat to business stability and reputation is stalking the industry from the shadows: cyber-crime. Whilst historically it has been the mega banks and larger consumer-facing institutions who have suffered most, the cyber-criminals have picked over the bones of the “big beasties”, and are increasingly turning their attention to smaller, more vulnerable prey – so beware, your business may be their next meal!
In an industry based largely on trust where it takes years to build a well-respected quality brand and minutes for it to be destroyed, the financial services sector is vulnerable to this quiet and often invisible predator. Most businesses have crisis contingency plans in place to counter those threats that you can actually see, but cyber-criminals are sophisticated animals and operate in the anonymous murky darkness – it may be hours, days or even weeks before you even realise that your system has been violated. Added to this, in many cases the UK authorities are powerless and unable to fight back as these cyber-gangs frequently operate in jurisdictions outside the UK.
Whilst the financial services sector continues to grapple with the challenges of ever-evolving (and increasing) regulation, a 2015 Linedata survey found that cybercrime presents the biggest threat to the asset management industry over the next five years. In addition to the obvious financial consequences, these events can be disastrous for businesses where trust and reputation are a vital element of their continued success. The financial services industry has a duty of care to protect sensitive information and not leave its clients’ data or hard-earned cash exposed. It seems this has not gone unnoticed. In a recent survey of 20 leading UK wealth management firms by Compeer and specialist cyber insurance broker Lark, some 90 percent rated the threat of cybercrime as either high or very high and clients were at the forefront of the wealth management industry’s current investment in technology.
Whilst in communications terms one can plan for the unexpected, there is an inevitability that most businesses, however vigilant, will experience some form of cyber-attack or data breach. So how best to deal with it and minimise reputational risk?
You certainly can’t play the victim card as you have a duty of care to protect your clients and defend them against these stealthy and faceless criminals. There are numerous factors to consider: financial losses, client data, resultant regulatory breaches. It is important to ascertain as quickly as possible what exactly has happened and how your various stakeholders have been impacted before necessarily rushing to make an external statement. Until you are fully apprised of the facts and of the extent and indeed veracity of the breach, any action should be tempered with extreme caution. At Quill, we recently advised a client who was being held to ransom by alleged cyber criminals when, in fact, it transpired that no data had actually been accessed.
It is as important to deal with internal communications as with external ones, and all messages should be consistent with and complementary to top-line corporate messaging. Being prepared and having a robust “what if” plan in place which can be quickly implemented should the worst happen will help minimise financial loss and, most importantly, minimise long-term reputational damage.
If it does happen to you, remember these cyber criminals are indiscriminate, however vigilant you may be. It isn’t personal and sadly you aren’t the only tasty morsel on their lunch menu.