Transparency across the incident lifecycle
Christopher Robinson, chief security architect of The Linux Foundation, says transparency is key to rebuilding stakeholder trust. Unfortunately, companies often take the opposite approach.
“A reporter will get word that something happened, and they’ll approach a company, asking, ‘We hear you’re in the middle of a cyber event,’ and [the company representatives will] clam up, and they’ll be very quiet, or they’ll put you [in touch] with the legal team, and they’ll make threats,” he says.
Larry Lidz, vice president of CX Security at Cisco, believes rebuilding stakeholder trust begins during the incident, and it involves two general groups a CISO will need to communicate with: internal stakeholders, such as the C-suite and employees; and external stakeholders, like customers and regulators. “The commonality between the two is [the need for] transparency,” he says.
