Companies are facing increasing pressure to prioritize cybersecurity to remain competitive in the modern business landscape. Today, customers are making purchasing decisions based on a company’s ability to protect their data and investments, while investors are scrutinizing cybersecurity measures just as closely as they do financial reports.
This heightened awareness of cyber risk is not just due to daily headlines of high-profile breaches; it is also a result of the COVID pandemic and the rise of cloud-based infrastructure. As such, enterprise risk posture has become a critical factor for investors, equity shareholders, acquirers, and merger candidates.
To address this growing concern, marketing teams, legal teams, and investor relations professionals need to adopt a new discipline: integrating cyber assurance into their external and internal communications.
In a recent Forrester survey, security decision-makers ranked investors last on their list of stakeholders to receive cyber performance reporting. This contradicts the importance investors place on cybersecurity when it comes to governance issues. It highlights the need for companies to refocus their marketing strategies on cyber with a strategy of ultra-transparency.
One of the key drivers in this shift is a proposed ruling by the Securities and Exchange Commission (SEC), which would require public companies to disclose material security incidents within four days. This proposed legislation is leading to a new level of reporting that could eclipse the historical impact of the 2002 Sarbanes-Oxley Act, making it much more vital for companies to prioritize cybersecurity.
To close the gap between security posture and market confidence, companies need to integrate cyber assurance into their customer and investor communications. Here are some of the best enterprise strategies to achieve this goal:
1. Establish an investor relations cyber program – A corporate Trust Center that is featured prominently on the company’s website helps showcase risk management priorities, security policies, privacy assurance practices, and compliance information for all divisions and product lines. Compliance frameworks can be used as proof points linking security posture with operational resilience and brand trust.
2. Link security posture to performance metrics – Provide visibility to investors through presentations and regular financial reporting that validates management’s intentions and demonstrates a cyber program’s effectiveness. Investors value quantitative, objective metrics that tie cybersecurity performance and outcomes to policies, controls, governance, and procedures.
3. Convey your risk philosophy – Companies cannot eliminate risk, so they must rely on experience and intuition to inform a strategic hierarchy of vulnerabilities and philosophies that drive remediation strategies. Companies can convey a pragmatic strategy by identifying the company’s unique threat landscape, the types of attacks it’s likely to face, which factors can be controlled, what risks the company is willing to take, and how those decisions are made.
4. Incorporate the supply chain – The supply chain is a significant factor in determining a company’s overall security posture. Companies need to ensure their suppliers and partners adhere to their strict cybersecurity protocols and processes.
5. Leverage a multi-pronged communication approach – Companies should prepare PR, IR, and legal teams to move quickly with every incident. Collaboration through the Trust Center helps develop a “damage report” process that makes sense of breaches when they happen and communicates remediation strategy in real time. Companies need to integrate Trust Center content into sales team materials, periodic financial reporting, and presentations to the board of directors.
With this circle of trust established, all stakeholders – from investors to customers – can have confidence in their relationships and within their spheres of influence. Companies can prioritize transparency and cyber integrity throughout all enterprise communications, ensuring they can achieve financial success while still maintaining the trust of their customers and investors.

