SOX risk assessment

Cybercrime, Brand Damage Among Top Risks for Technology, Media and Communications Companies, Executives Say

Gordon Tucker, Managing Director Global Leader, Technology, Media and Telecommunications Industry Practice

If improving brand protection isn’t a top-line agenda item in the cybersecurity discussions happening at the highest levels in your organization, it needs to be. In today’s era of lightning-quick social media sharing, brand protection has become even more important — and far more challenging — for technology, media and communications (TMC) companies. Two factors play a role:

  • Expanding use of social media and mobile applications by customers and employees: It is all too easy for outsiders to acquire and misrepresent personal and proprietary information.
  • The relentless tide of cyberthreats: The Identity Theft Resource Center (ITRC) reports that the number of U.S. data breaches reached an all-time high in 2016. Several leading TMC companies were among the businesses hit with high-profile, far-reaching, costly and reputation-damaging breaches last year.

In the face of these realities, including growing public disclosures of data leaks and breaches, many TMC companies are beginning to re-evaluate how they interact with other organizations and how they safeguard against breaches. Most C-level executives in this industry group also now realize that they themselves could be targets for hackers and other malicious actors seeking to gain access to personal records and other sensitive data.

There is no doubt that TMC executives, in general, are thinking a lot more about brand protection these days. In the latest Executive Perspectives on Top Risks Survey from Protiviti and North Carolina State University’s ERM Initiative, TMC executives ranked the following risks among the top five for their industry group in 2017:

  • Social media, mobile applications and other internet-based applications may significantly impact our brand, customer relationships, regulatory compliance processes and/or how we do business, and
  • Our organization many not be sufficiently prepared to manage cyberthreats that have the potential to significantly disrupt core operations and/or damage our brand.

On the cyber-risk front, it is important for TMC companies to recognize that the customer and financial data they handle are not the only targets for hackers. An organization’s intellectual property (IP) can be even more valuable to some threat actors, including nation states. The loss or theft of IP not only could undermine a company’s ability to compete but damage its brand and reputation in unanticipated ways.

Without question, loss or theft of any type of high-value data can have lasting, negative effects on an organization from both operational and brand perspectives. Everything negative that happens to a company and becomes public can damage its brand – and cyber breaches and loss of IP are some of the fastest ways for this damage to occur. Given these considerations, management and the board must work together to manage the brand and make brand protection one of the company’s top priorities.

To engage in effective dialogue on this topic, a recent issue of Protiviti’s Board Perspectives: Risk Oversight offers some guidance: Executives should take the lead in deciding what type of interaction they would like from the board and define how they want to involve the board in the brand protection process. And if the executives haven’t done this yet, then the board should waste no time in asking for their input.

Learn about Protiviti’s Cybersecurity services and read additional posts related to Technology, Media and Communications on the The Protiviti View.

Add comment