What is the risk?

We have seen a significant increase in sophisticated cyber-attacks from the last quarter of 2022. These include attacks this week on Royal Mail and the Guardian that prompted the Financial Times front page headline: “Attacks on Royal Mail and Guardian stoke fears over surge in cyber crime”.

For the Royal Mail this resulted in a large-scale system closure. At the Guardian, sensitive and confidential details, including financial and personal data of employees and customers have been taken. This data can be used to facilitate fraud or sold on the dark web. We have also seen a resurgence in ransomware attacks that significantly impact company operations.

Our Crisis & Risk team have worked in recent weeks on cyber-attacks that potentially mirror the assault on the Guardian where it is believed an employee password authentication process was replicated and breached in a phishing attack. These attacks target employees, who allow the criminals access to company systems by accepting requests for access and authentication that are sophisticated and seem authentic. Another recent attack led to a company’s confidential data being removed from their servers, including commercially sensitive details on clients and suppliers. This was then ransomed back to the company and the criminals provided notice of the breach to selected stakeholders.

Why is this a reputational risk?

Data breaches, where customer or stakeholder data has been compromised, have attracted low and diminishing levels of media interest in recent years. However, in recent weeks the impact, such as the damage to overseas mail, and scale of attacks, including the increased number and amount of data lost, has generated significant media interest and prolonged scrutiny from journalists.

Reputational risks originate from:

• Leaks: Reporting around the attacks has included disgruntled employee commentary and leaks of internally communicated actions or impacts
• Employees: Cyber-risk is now a duty of care issue as attackers also seek to acquire personal and financial information about employees
• Customers and data subjects: Trust in your business can be damaged by concerns of fraud and poor security
• Operations: Disruption or closure of operations impacts customers lives or client and supplier businesses
• Systems: Scrutiny of the systems you have in place or lack of it.
• Confidential data: Commercially sensitive information or inappropriate internal messaging and actions become exposed.

Media interest has also focused on claims the increase in attacks is linked to geo-political issues and state actors including Russia and China. Whatever the reality of those claims, businesses risk significant damage to operations, stakeholder trust and wider reputation in the event of a significant and sophisticated attack.

What should you be doing now?

In light of the increased reputational threat, we would urge organisations to:

• Review crisis protocols and your cyber crisis response team to ensure you have the right people in place and fully trained.
• Ensure your IT team are reporting potential attacks to legal, communications and HR teams.
• Draft or review and update your cyber response playbooks, including draft communications to every stakeholder, not just a media holding statement.
• Identify and understand how customers will contact you, and how that contact will be managed, to avoid further criticism from stakeholders in a breach.
• Ensure all materials are accessible should you lose access to your server. Alternatives to regular email communication should also be secured.

Critically you must remind staff of the rising threat of phishing and other attacks.

Contact Us

Should you wish to learn more about this risk or would like support, please contact crisis@mhpgroup.com or call Barnaby Fry, Head of Crisis & Risk on 020 3128 8761

By Barnaby Fry