Faaez Samadi
Oct 20, 2016

Culture leaves many Asian companies unprepared for a cybersecurity crisis

Strict adherence to hierarchy means Asian companies have been slow improve crisis planning around information-security, according to FireEye’s global comms chief.

Vitor D'Souza
Vitor D'Souza

Asian brands continue to make slow progress in cybersecurity crisis planning, due to the lack of awareness about the issue and continued mistakes around how to respond, according to Vitor De Souza, vice president of global communications at security-software provider FireEye.

De Souza said that in almost every case of a cybersecurity breach that FireEye has been involved with in Asia, “in terms of communications planning, they did not have any at all”.

“They would have what they would call a ‘business continuity plan’, which is totally different," he said. "It has nothing to do with crisis.”

Coupled with this lack of preparation is a tendency in Asia to cling rigidly to company hierarchy in a crisis, which can be a big mistake if the person handling the crisis is not the most knowledgeable about the situation.

“In Asia, company hierarchy is very important,” De Souza told Campaign Asia-Pacific. “What I see a lot is that there’s this immediate push toward the chairman or CEO to handle the crisis. But the education of the C-Suite in Asia regarding cybersecurity, just in terms of awareness, is not at the same level as other regions.”

Brand reputation can be severely damaged if a top-level executive is put before the media without sufficient knowledge of the crisis, and it is up to the communications team to ensure that does not happen, said De Souza.

“I wouldn’t necessarily say it’s the response from the CEOs that causes an issue,” he explained. “It’s more about the lack of preparation. Culturally, you can decide it must be the CEO, which is absolutely fine and something most companies would want to do. But then you need to prepare them; you can’t just expect them to talk.

“Comparing globally, Asia is behind on best practices. The maturity is lower here, and the crisis plans just aren’t there.”

De Souza said that in a cyber crisis, unprepared communications teams can often add to a brand’s problems by just reverting to their regular spokesperson, who again may not be the best person for the situation.

“If you don’t do the right preparation, or you don’t know the scenario you’re dealing with, and you just send out the media-relations person, you’re not responding to the problem,” he said.

Despite ongoing issues, De Souza said that the situation is improving, particularly since the high-profile cybersecurity breach at toy company VTech in Hong Kong in December 2015.

Since that crisis, more Asian brands are aware of the threat of cybersecurity and are disclosing breaches.

“Companies in Asia know it’s coming, they’ve seen how other countries have progressed, so they’re now trying to prepare ahead of it in case they’re the first company that has to deal with it,” De Souza said. “I’ve seen improvements in just the last six months. Asian companies are doing much better with C-Suite preparation, but step one is build a response team and prepare properly.”

Related Articles

Just Published

5 hours ago

Publicis.Poke to help employees facing the menopause

Policy aims to break down taboo of speaking about the menopause at work.

2 days ago

Mindshare adds dedicated China leadership

EXCLUSIVE: APAC CEO Amrita Randhawa has relinquished her China responsibilities to two new leaders, Benjamin Condit and Linda Lin.

2 days ago

Pinterest unveils new tools and insights for marketers

Major takeaways from the platform’s first global advertiser summit.

2 days ago

Crash Course: How to develop a content strategy

You know content should be a key part of your overall brand strategy, but where do you start? This course explains the key steps you should take to ensure an effective content journey.