Building Trust in the Age of Cyberattacks: Why Secure Secrets Management is Critical

What Does Company Reputation Do for You?

Various important measures are associated with a company’s reputation. For instance, customer choice tends to favor more reputable businesses in a competitive field, given two primary assumptions: the customer is well informed, and their choices are competitive in price, quality, and availability. Nevertheless, when information is available, reputation drives customer choice.

There are also far more measurable valuations tied to company reputation. Reputation operates as its own form of capital in the investment world. Whether it fuels VC attention or stock market estimation, reputation brings value far beyond a company’s asset package or brand recognition. It pays further dividends in conjunction with assets and branding, and reputation drives direct investment back into the product and its outreach.

The common saying “all press is good press” isn’t true regarding cybersecurity. A negative reputation with customers, investors, or legislators can lead to immediate consequences, with the risk of additional loss over time as more bad press accumulates. The negative reputation associated with falling stock prices, often caused by a reputation-damaging incident, further drives down prices as investors decide their money is better placed elsewhere.

Here, we'll look at how cybersecurity incidents like data breaches impact reputation and the steps your platform or company can take to avoid further damage in its wake.

Cybersecurity Breaches Affect Value Holistically

Data breaches are more common than you might expect. Of the Chief Information Security Officers (CISOs) who responded to Splunk’s CISO Report, 96% fell victim to a ransomware attack in the past year. 83% paid up, and 1 in 11 paid more than a million dollars. More than half paid over $100k, and more than half responded that the ransomware attack significantly impacted business systems and operations.

Breaches, like ransomware attacks, may include loss or damage of proprietary information and payouts of significant amounts of money. Expensive and lengthy litigation further impacts the growth and development of assets and branding. Product recalls, platform downtime, disruption of marketing timelines, or any number of other factors may also hinder growth and development.

Yet, even in the event of a breach, all is not lost. Proper security practices can mitigate the size and scope of the breach and help repair damage quickly. A secrets manager with continuous monitoring and auditing allows an incident response team to identify the compromised credentials used during the breach and seamlessly rotate them out.

Beyond the Physical: Reputation Impact in the Wake of a Breach

The external response to cybersecurity incidents is just as important as the internal response, and it significantly determines future reputation.

A study conducted by Pentland Analytics following shareholder value in companies affected by data breaches highlights the importance of this public response following a crisis. Even in 2000, before the advent of social media, post-incident portfolio valuation split into two groups, which Pentland Analytics identifies as winners and losers. The winner's group saw the valuation of their portfolio rise after their cybersecurity incident. According to the study, “Winners go on to outperform investors’ pre-crisis expectations.” (Reputation Risk in the Cyber Age, 13)

On the other hand, the losers saw their portfolio valuation continue to drop in the year following the breach. More staggering, even, is the speed at which the market decides a company’s fate. “The market is rapid in its judgment as to which group a company will belong, and it takes only a few trading days for the divergence in performance to become clear. The value loss by Day 5 strongly predicts the value position at the end of the post-event year.” (Reputation Risk, 13)

This study was first conducted in 2000 and then again in 2018 to investigate how this market valuation has changed. As it turns out, the effect has only increased over time: “The value impact of reputation crises has doubled since the advent of social media.” (Reputation Risk, 14)

Data breaches are significant crisis events but may also be growth opportunities. A company’s response in the wake of a breach determines which of these two diverging groups it becomes—whether a strong response reassures investors that the future is bright or a lackluster one begins a long journey of value loss.

Why is this Happening?

The author of the Pentland Analytics report, Dr. Deborah Pretty, sums up the mechanism behind this strange valuation phenomenon concisely:

“At times of crisis, the market receives substantially more information about a company and, in particular, about its management, than would be received in usual circumstances. Investors use this additional information to re-assess their expectations of future cash flow. This re-estimation process results in a dramatic divergence in the consensus view reflected in the market price. Some management teams impress, and expectations of future performance are even higher than prior to the crisis. Others disappoint, and investors’ confidence in the ability of management to generate value is shattered.” (Reputation Risk in the Cyber Age, 14)

What does a proper response look like?

In a reputation crisis, there are a few critical elements to a strong public-facing response.

Twofold Timeliness

• The response team must be aware of the attack surface and equipped with the proper tools to identify and close the breach as quickly as possible.
• The company must relay pertinent information to the public quickly and accurately.

Transparency

• The incident response must make clear the scope of the breach, how it occurred, and what steps are being taken to remedy it.

Responsibility

• Proper responsibility and accountability are essential in earning back lost trust. This includes taking responsibility for implementing faulty practices, failing to invest in better ones, and acquiring the tools and techniques to prevent future incidents.

Customers Respect

• Making the situation whole, particularly for the consumer, goes a long way in future reputation evaluation. Home Depot, for instance, provided free credit monitoring for all customers affected by its data breach.

Strong Centralized Leadership

• Strong leadership affects all aspects of a proper response and additionally alleviates concerns that the company needs clear direction. Strong leadership respects the customer base by speaking to them promptly and transparently and ensuring proper responsibility is taken.

Forward-Facing Plan

• Beyond timely and transparent communication, a proper breach response includes altering the development workflow to improve security. This means equipping teams with the tools to create a secure development environment and investing in employee security training.

Equip your Team with the Right Tools

Industry reputation begins with proper reliability and security practices, and dividends are paid based on customer and investor choice. In the event of a breach, being transparent about implementing proper security practices can become a net positive in the long run, as investors and customers determine that your company takes its customers, reputation, and cybersecurity as a whole seriously.

Learning from mistakes is critical to avoiding future breaches and building a reputation of trust and security. Equipping your team with proper cybersecurity practices and software shores up existing infrastructural weaknesses and allows them to be proactive in the event of a breach.

A secrets management solution like Doppler can significantly enhance your team’s security posture and breach response. Many leaks occur due to lost, exposed, or stolen API keys. Store your environment variables and secrets in a secrets manager to reduce the risk of a data breach.

Try a demo today and see how easy it is to add another layer to your security arsenal.