Visible costs of cyber attacks should send shivers up our spine, but the invisible costs have much longer ramifications and ripple effects on the well-being of our global economies and societies. With the exponential move to remote working due to the pandemic, cybercriminals have found a new playground and the path of least resistance for their malicious hacks. Cyber security is dominating world news with both state and non-state actors using cyber attacks as means to an end that varies from commercial espionage, financial theft, data stealing, scams and revengeful hactivist groups.
In a report from Accenture and the Ponemon Institute “Unlocking the Value of Improved Cybersecurity Protection,” they claim that the cost of cyberattacks is highest in the banking industry, reaching $18.3 million annually—per company! Cybercrime is costing the world economy more than $1 trillion—or just more than one percent of global GDP. This is up more than 50 percent compared to 2018, as a recent study by McAfee reveals, that put global losses at close to $600 billion.
Global internet penetration rate around the world now stands at 59.5%, although COVID-2019 has significantly impacted the reporting so the numbers are likely to be much higher. 5.22 billion people are using a mobile phone equating to over 66% of the global population glued to their screens, using mobile applications and probably low levels of cyber hygiene practices caused by insufficient awareness (Source: We are Social). The surface attack of cyber crime with around 78% of people working remotely across the globe has grown exponentially.
DAVOS 2021 compares cyber security threats as the next anticipated digital virus likely more damaging than COVID-2019.
Davos called for an intensified global network of partnerships between the private and public sector to keep the cyber virus from spreading. Building partnerships and collaborative engagement takes time and requires trust and confidence building. Time is not on our side considering the exponential rate at which cyber threats are growing at this point. Breaking down silos and coming up with sustainable solutions for long term cyber preparedness should be at the heart of a global response in our digitised century. So how do we get there?
How do organisations balance resources to focus not only on mitigation and recovery but also on preparedness and prevention?
How do small businesses compete with larger corporations and institutions who have a much higher level of cyber maturity ?
One thing that all organisations, institutions and corporations have in common is the human factor. In this area, the response options and preparedness strategy will be the same. Preparedness requires a multi-layer approach with proper stakeholder engagement management to adequately navigate the human factor. During a crisis, processes and technology are managed, but people are human beings who need to be led, inspired, and guided.
At Thrive with EQ, we focus on helping our clients exercise and develop a Stakeholder Engagement Action Plan (SEAP). Any organization should have one in place and keep it up to date to build sustainable relationships with their stakeholders based on trust and confidence-building.
Building Blocks of your SEAP
“Plans must be simple and flexible…They must be made by the people who execute them”.
— General George S. Patton
Intricate and detailed plans are not useful if those who have to be aware of their role and responsibility cannot implement them; exercising plans and understanding who does what and when is key for a plan to succeed. At the same time, a plan without a clear vision of where you want to end up is just a document that helps you fight fires. During my time at NATO, mission objectives were critical and our benchmark for achieving successful outcomes. No matter how diverse the teams, no matter their industries, backgrounds, gender, and age—we all knew where we were headed with our plans. This is at the heart of a Stakeholder Engagement Action Plan (SEAP), to help lead and guide your stakeholders throughout the crisis and disruption in the most optimal way while maintaining the human touch essential for trust and confidence building.
What are the issues?
When we face disruption and everyone is trying to extinguish fires under high levels of stress, things can easily get out of proportion. When people face the unknown, there is a gap between their mental models and their perceptions. It is a natural part of human nature to fill those gaps with stories we tell ourselves and see them as truth. So the first step is to declutter the mind, focus on the core issues, and prioritize importance. Always ask yourself when identifying the problem: “So what?” and “What’s the Impact?” Asking critical questions to scratch the surface will help you focus on the why, what requires immediate action and what can wait for later.
What are the outcomes?
What separates the human mind from any other species on this planet is our ability to imagine. We are brilliant at imagining the worst-case scenario, and worry is the first thing that comes to mind. We cannot feel fear and expect a positive outcome at the same time. When we worry, we trigger our negative emotions. We can also trigger our positive emotions and imagine what a favorable or desired outcome looks like. When you are clear on what success looks like for your stakeholders and your organization, you have a vision you can use to influence and guide others during disruption because everyone knows where they are going. The plan helps them to get there from their map of the world.
Our stakeholders have full confidence in our ability and capacity to manage any cyber threat as our people, processes and technology work together as the glue of our organisation.
Our stakeholders appreciate our regular communication with transparency and feel reassured and confident in our plan of actions, and our ability to minimize damage and mitigate risk.
What are the objectives?
When we think of objectives, we tend to focus on the business aspect alone. They need to be SMART (Specific, Measurable, Achievable, Relevant and Time-Oriented) with Key Performance Indicators (KPIs) to measure success. This is fundamental to any plan. However, in times of crisis when your stakeholders just discovered that their data has been compromised, it seems odd to start speaking about SMART objectives and KPIs to explain how you will recover and manage the situation.
Some of you reading this may laugh as no one would do this. Trust me—I have seen it many times in my 18-year career in crisis management.
The secret lies in making objectives relatable to people. Understand how your goals are going to REASSURE and build CONFIDENCE in your stakeholders that you have things under control, that you have a plan, and that you can recover with minimum loss and damage to them. It would be best if you only made these statements when you can back them up. That’s why exercising people, processes, and technology will help you identify your gaps and the areas that require enhanced maturity.
When a cyber breach is detected, our early warning system kicks into gear and an automatic process of risk assessment takes place.
A breach with low level impact is handled by our CISO and reported at our weekly Executive Board Meeting under Cyber Security updates.
Medium risk is proactively flagged to all management teams with clear guidance and actions to take to ensure mitigation measures and minimise damage.
High risk is flagged to the CEO and all management teams within 2 hours of detection. The crisis management plan which has been thoroughly exercised across people, processes and technology is followed. Every team knows what to do and how to do it based on previous simulations.
Who are your stakeholders?
You probably have a CRM database or a process for managing your relations. But do you know who your stakeholders are?
Do you know whether they have high interests in your organization and how you process and lead people?
Or do they have significant influence but no interest whatsoever in your day-to-day operations?
How will they react or respond when a cyber breach occurs?
Do they have low impulse control levels and thus are prone to making snap decisions that could have catastrophic consequences for you and your organization?
Understanding the interpersonal relations dynamics and the intent behind behaviors during times of stress is critical to managing your stakeholders’ relations. When we face high pressure from our external environment, our brain tends to go into survival mode. Our mental energy is used solely to ensure we survive as we activate our defense mechanisms. Hence, some people revert to raising their voice, communicating with anger and fear, and creating a breeding ground for non-constructive collaboration—our thinking capacity in survival mode is diminished as our emotions tend to bring out the worst in us.
Understanding how to leverage and maximize emotional intelligence within yourself and others can help you focus on the bigger picture and make decisions using your rational part of the brain, limiting any emotions that cloud our judgment. Any information related to your stakeholders should remain strictly confidential and only for the eyes of a few. The risk otherwise is that someone else can use it with malicious intent. It should be treated the same way as you store, manage and protect your customer’s data with restricted access across the organization.
What are your lines to take?
The art of communication lies not in the message but in our ability to tell a story that resonates with people’s minds and hearts. When we communicate, we tend to believe that our job is done once we have uttered the words. In reality, everyone has their own map of the world illustrated with experiences from their past, their unconscious bias, and their mental models of how they perceive the world. This varies in time and is influenced by their external environment.
Be clear on the core of your message that you want to convey, and write your statement as different stories that will resonate with your respective stakeholders. Crisis communication aims to manage people’s perceptions. And this is key for any successful communication campaign. You have to put in the work beforehand to ensure your messages convey feelings of trust and confidence in your ability to manage the crisis and minimize damage to your stakeholders. Use facts, statistics, and data to support your storytelling and speak to people’s hearts. The alternative will result in a loss of connection, trust, and in the rise of suspicion and conflict.
Who are your communicators?
It may seem obvious to have your communications manager or your media and engagement team interact with your stakeholders. In reality, rapport is built when people feel comfortable. And people feel comfortable with like-minded people. It is not the time to experiment with new ways of communications during a crisis because your successful outcomes will be delayed. Identify the people in your organization who have the right rapport with your respective stakeholders. They may be someone who is not in a senior leadership or management position but is excellent with communications and relationship building. Use that to the advantage for the greater good—there is no time for ego and power plays when you are navigating a crisis.
It is unnecessary to emphasize the importance of risk management at all times. You will never avoid a cyber attack, but you can use risk mitigation measures to ensure that residual risk is minimal. The same process can be applied to your stakeholders. You have to understand and be aware of which stakeholder poses the most significant risk for which area in your business operations.
Which stakeholder group represents an opportunity to help you mitigate the damage?
Understanding your stakeholders from a risk management perspective will yield great results for both the short and long term. You need to have a clear view of the current situation and relationship dynamics. This will help you to navigate and sustain confidence and trust with your stakeholders when disruptive events occur.
Building trust and rapport with your stakeholders can only be done through understanding the power of relations and influence, which needs to be part of a longer term strategy. Your relationships with your stakeholders will be tested and tried during cyber breaches, but it is your organisational readiness and resilience posture that will ensure their trust and confidence is unbreakable.Having a solid stakeholder engagement strategy in place that meets the needs and the environment of your organisation will reduce the pain of loosing your stakeholders and the cost of loss of confidence. In times of cyber disruption, this should never be underestimated. In an era where technology is automating much of human cognitive ability, the social skills that are unique to our humanity will make or break your organisation in times of crisis.
If you want to learn more about how Nadja can help you develop your stakeholder engagement action plan and lead change with minimal pain, book your discovery call and let’s chat!