Preparing for the worst: an approach to Cyber Security Crisis Management & Mitigation

Preparing for the worst: an approach to Cyber Security Crisis Management & Mitigation 

In the last of the ARA’s Cyber Security Awareness Month series, we talk with Sally Branson, a Crisis Management professional who has worked in corporate, diplomatic and government roles, offering insights into managing crises and public affairs strategy. 


Emphasising the ‘when’ not ‘if’  

Sally began by reemphasising the point made by other interviewees in this series, that cyber-attacks are not a matter of “if” but “when,” and being prepared is key. With her background in advising senior officials and politicians, Sally stresses that preparedness is a fundamental aspect of cyber security. 

The digital landscape is constantly evolving, and cyber criminals are becoming increasingly sophisticated in their methods. Therefore, understanding the importance of cyber security is essential for any business, regardless of its size. A proactive approach to cyber security is crucial for mitigating risks. 



The Human Factor in Cybersecurity 

We’ve heard in the series, how employees can unwittingly become the gateway for cyber threats due to human error. This aspect of cyber security is particularly relevant to small businesses, which may lack the resources to invest in extensive cyber security training. 

Acknowledging that small business owners often find themselves stretched thin, balancing multiple responsibilities, staying informed through sources like podcasts can be an effective way to raise awareness, without over-committing time. By engaging in ongoing learning and awareness-building, business owners can better protect their organisations and stay informed about emerging cyber threats. 


Preparing Small Businesses for Cyber Threats 

Sally understands that small businesses face unique challenges due to their limited resources. She advocates for creating a straightforward crisis plan, outlining clear steps to take in case of a breach. This document can serve as a vital reference point during a crisis, ensuring a swift and organised response. 

There was emphasis on the importance of values and customer service in building trust with clients. Small businesses often rely on their reputation and customer relationships. Therefore, being transparent and demonstrating commitment to cyber security can strengthen the bond between businesses and their customers. 

Further to building a crisis plan, Sally recommends that small businesses surround themselves with a support network of trusted advisors. This network can include peers, mentors, and industry professionals who can offer guidance and assistance during a cyber security incident. 


Responding to a Cyber Crisis 

In the aftermath of a cyber crisis, it’s key to communicate and keep all stakeholders informed. Clear, timely, and honest communication is essential for rebuilding trust and minimising reputational damage. 

Sally suggests that being authentic in addressing the issue is crucial. Businesses should provide a detailed account of what happened, why it happened, and the steps being taken to prevent a recurrence. Transparency helps reassure customers and partners that the business is taking cyber security seriously. 

To illustrate her point, Sally provides a practical example of how businesses can communicate with their customers after a data breach. In addition to providing a clear explanation, she suggests offering incentives, such as discounts or promotions, to maintain customer loyalty during challenging times. 


Building Resilience and Relationships 

For a large or small retailer, business resilience can be determined by the quality of their relationships with employees, customers, and other stakeholders. Building and maintaining these relationships should be an ongoing priority for businesses, even outside of crisis situations. 

It might not be something that jumps into our strategic planning, but Sally references how engagement with local Members of Parliament (MPs) and journalists, can provide valuable support during a crisis. MPs often have resources and connections that can assist businesses in navigating the aftermath of an incident. Likewise, maintaining good relationships with journalists can ensure that the narrative surrounding an incident is helpful to the business and stakeholders alike. 

Customer reviews and champions can help protect a brand from reputational damage. Positive reviews and loyal customers can serve as strong allies in countering the negative impact of a cyber breach. Engaging with customers, addressing their concerns, and showcasing testimonials can help businesses regain trust. 

Sally Branson’s insight provides valuable considerations for retailers and businesses in any industry looking to enhance their reputational risk management. From proactive preparation to effective crisis management and relationship-building, Sally’s advice gives us plenty to reflect on with the escalating threats facing the industry, and acknowledging ‘not if, but when’. 




Retail Voice CEO Message: 22 November 2023

Retailers across the board are preparing for Black Friday this week, with the four-day trading extravaganza set to account for more than 25% of holiday season sales. Price-conscious shoppers will

Reflections on National Recycling Week

As National Recycling Week draws to a close, I find myself reflecting on the year that was and considering the progress made not just in recycling, but more broadly in advancing

Retail Voice CEO Message: 15 November 2023

As we support the retail community through this critical holiday trading period, new insights reinforce that this holiday season will see a focus on the value-driven, bargain-savvy consumer. The ARA and