Faaez Samadi
Oct 20, 2016

Culture leaves many Asian companies unprepared for a cybersecurity crisis

Strict adherence to hierarchy means Asian companies have been slow improve crisis planning around information-security, according to FireEye’s global comms chief.

Vitor D'Souza
Vitor D'Souza

Asian brands continue to make slow progress in cybersecurity crisis planning, due to the lack of awareness about the issue and continued mistakes around how to respond, according to Vitor De Souza, vice president of global communications at security-software provider FireEye.

De Souza said that in almost every case of a cybersecurity breach that FireEye has been involved with in Asia, “in terms of communications planning, they did not have any at all”.

“They would have what they would call a ‘business continuity plan’, which is totally different," he said. "It has nothing to do with crisis.”

Coupled with this lack of preparation is a tendency in Asia to cling rigidly to company hierarchy in a crisis, which can be a big mistake if the person handling the crisis is not the most knowledgeable about the situation.

“In Asia, company hierarchy is very important,” De Souza told Campaign Asia-Pacific. “What I see a lot is that there’s this immediate push toward the chairman or CEO to handle the crisis. But the education of the C-Suite in Asia regarding cybersecurity, just in terms of awareness, is not at the same level as other regions.”

Brand reputation can be severely damaged if a top-level executive is put before the media without sufficient knowledge of the crisis, and it is up to the communications team to ensure that does not happen, said De Souza.

“I wouldn’t necessarily say it’s the response from the CEOs that causes an issue,” he explained. “It’s more about the lack of preparation. Culturally, you can decide it must be the CEO, which is absolutely fine and something most companies would want to do. But then you need to prepare them; you can’t just expect them to talk.

“Comparing globally, Asia is behind on best practices. The maturity is lower here, and the crisis plans just aren’t there.”

De Souza said that in a cyber crisis, unprepared communications teams can often add to a brand’s problems by just reverting to their regular spokesperson, who again may not be the best person for the situation.

“If you don’t do the right preparation, or you don’t know the scenario you’re dealing with, and you just send out the media-relations person, you’re not responding to the problem,” he said.

Despite ongoing issues, De Souza said that the situation is improving, particularly since the high-profile cybersecurity breach at toy company VTech in Hong Kong in December 2015.

Since that crisis, more Asian brands are aware of the threat of cybersecurity and are disclosing breaches.

“Companies in Asia know it’s coming, they’ve seen how other countries have progressed, so they’re now trying to prepare ahead of it in case they’re the first company that has to deal with it,” De Souza said. “I’ve seen improvements in just the last six months. Asian companies are doing much better with C-Suite preparation, but step one is build a response team and prepare properly.”

Related Articles

Just Published

1 hour ago

It's time brands stop paying lip service to ...

The pandemic has opened new customer experience opportunities that should not be ignored by only adding a few generic digital tools, says Wunderman Thompson's APAC strategy chief.

4 hours ago

WFH means longer, ‘rollercoaster’ days, but no drop ...

Yet job satisfaction remains high, according to an employee survey by US agency Goodby Silverstein & Partners.

4 hours ago

ViacomCBS' Sumner Redstone dies at the age of 97

The media mogul led Viacom as executive chairman of the board for almost 30 years.

4 hours ago

There is now a mayo-themed Hellmann's Island on ...

And its residents want to make change in the real world.