Preparing for Cyber Security and Data Breaches

« Back

Failing to plan is planning to fail.
We attended a NIRI-hosted panel on cyber security and data breach in San Francisco, and we have been contemplating the implications for our client companies. The panel was hosted by Brandie Claborn, VP of Global Corporate Communications at Intel Security and included Mike Piazza – Partner at DLA Piper, Heather Wilson – EVP and Managing Director at MWW Group, and Ernest Hilbert – VP of Cyber Security Services at Gavin de Becker and Associates and former FBI agent specializing in cyber and white-collar crime.

It is surprising how often companies are hacked.  Despite this, the panelists agreed that receiving financial support to establish cyber security breach prevention programs can be challenging. Companies that preemptively establish cybersecurity response protocols are better prepared to protect their brand, reputation, and shareholder value during a breach.

What systems does your organization have in place in case of a corporate data breach?

212 – A key number.
According to Mr. Hilbert, 212 is the average number of days that hackers access a company’s files before being detected; however, he notes that in some cases this period can last up to five years.  Unbeknownst to the company, intruders lurk in confidential files, targeting personal identification and email chains between R&D staff and members of the C-suite, in search of conniving ways to capitalize on cyber infrastructure weakness. As expected, smaller enterprises such as micro-cap medical technology and development stage biotechnology companies are especially vulnerable to cyber-crime attributed to the inherent risks of having less sophisticated cybersecurity systems in place.  Strikingly, results from a BBR services study revealed that 56% of data breaches occurring domestically take place within the healthcare industry.[1] Nevertheless, crime does not discriminate; Mr. Hilbert also notes that most data breaches originate internally with reconnaissance activities of federal agents greatly focused on employee social media accounts.

Cybersecurity Breach Impact – more at stake than meets the eye.
The room generally agreed that cybersecurity breaches are commonly perceived as mainly a public relations matter; however, examination of historical instances suggests repercussions that are often underestimated.  Recall that Target Corp’s (NYSE: TGT) profit fell 46% in the fourth quarter of 2013 and 34% for the full year after the company announced the compromise of financial information for millions of its customers.[2]  On the healthcare front, Abbott Laboratories (NYSE: ABT) shares dipped 1.9% after receiving a warning letter from FDA pointing to the risk of hacking and external manipulation of certain defibrillators and pacemakers.[3]  Beyond a dwindling market capitalization, responding to cybersecurity breaches can be a costly endeavor.  For example, compromising a company’s brand can put pressure on sales while tightening bottom-line income from added expenses associated with hiring legal counsel and additional IT services. These factors can bring volatility to the stock as investors become cautious of the management team’s ability to execute an appropriate response to compromised confidential corporate files.  No matter how you frame it, preparing for a cybersecurity breach is more than likely the wisest choice.

So, what can be done today and how does this relate to Investor Relations?
Our takeaway from the cybersecurity KOL panel was that it is of utmost importance for investor relations professionals to advocate for the preparation of cybersecurity and data breaches by establishing a response protocol. Companies are encouraged to reach out to their local government law enforcement agency to establish a continuing relationship before a potential data breach.  When it comes to public communication, avoid making premature statements that are incriminating in nature, as it can often lead to class action lawsuits.

Recently, Apple Inc. (Nasdaq: AAPL) was targeted by a group of hackers that threatened to wipe out Apple devices unless the company paid them $75,000 to $100,000 worth of merchandise.  Prudently, Apple’s management team avoided releasing any statements and focused on their response protocol, which found that the data leak did not originate from any weakness in Apple’s cybersecurity systems.[4]  AAPL shares fell roughly 1% on the close during announcement of the breach.  Following a statement made by the company that the investigation did not reveal a breach of its iCloud system, AAPL shares quickly recovered to normal levels the next day.  A look at Apple’s investor relations strategy in response to the hackers suggests that a well-planned, data-breach protocol is an effective way to mitigate damage to a company’s brand name.  Hence, failing to plan is the biggest mistake companies can make when it comes to managing cybersecurity threats.

Conclusion – plan ahead.
Our professionals have worked with dozens of companies to create crisis communications plans for when things go awry. We can help you develop a multi-pronged plan to address overall crisis communications or one specific to a cyber breach. This includes defining who in your organization needs to be involved immediately, in order to quickly determine an investigation timeline and a process for communication development.

Knowing in advance what protective measures are in place is key to mitigating any crisis. We would love to partner with you to educate your employees and address these potential threats to your business while establishing proper procedures and protocols.

Leigh Salvo, Managing Director

[1] Ford, M (2017, April 27). Device Hacking, Cybersecurity Becoming Growing Concerns for Med-Tech Companies. Medical Device Daily, 21(81), 1-3.

[2] McGrath, M. (2014, February 26). Target Profit Falls 46% on Credit Card Breach and the Hits Could Keep on Coming. Forbes. Retrieved from

[3] Teitelbaum, R. (2017, April 17). Cyber Insurance Becomes a Must for More Manufacturers. The Wall Street Journal. Retrieved from

[4] Hackett, R. (2017, March 22). Apple Responds to Hacker’s Threat to Wipe Hundreds of Millions of iPhones. Tech-Fortune. Retrieved from

« Back

Leave a Reply

Your email address will not be published. Required fields are marked *