Imagine you're the CEO of a publicly listed company. In the middle of the night you get a call from your COO – they say there has been a major data breach, and an unknown (but significant) amount of customer data has been stolen…

After the initial wave of panic passes, your technical teams start to investigate, but immediately your lawyer walks in and asks you: “When are we telling the press, and what are we going to tell them?”

Instantly you think reputation, brand… share price. 

One of the greatest lessons learned in cyber security in 2015 was the importance of having a strong PR response to a cyber breach. But in a recent survey, 2-sec found that more than 85% of companies still do not have a ‘ready to go’ PR crisis plan specifically for a cyber breach.

Given the increase in public awareness of cyber security, it has now become the norm for major cyber incidents to be dissected live on national television. A CEO who appears on television to explain what happened no longer gets to own the narrative as much. Instead, they might find themselves getting a Paxman-style grilling from a very well-informed press.

In that situation everything the CEO says is live on television, and if a direct question is asked, such as “Can you confirm your company is 100% secure?”, it takes a very technically confident CEO to give the right, carefully worded answer about cyber security. If the CEO says something technically inaccurate, the share price is likely to tumble further.

The 2-sec team is increasingly working with companies that don't have a board-level PR plan ready for crisis management in the event of a cyber breach. Over the past year the team has been delivering PR cyber projects to clients within the FTSE 250: from training board members on basic cyber security, to carrying out full-scale cyber breach scenarios and delivering a tried and tested PR plan.

With cyber security increasingly becoming a board-level issue, the need for the CEO to be ready with a cyber PR plan is expected to increase significantly.


2-sec is a leading provider of security consulting services. These include penetration testing, PCI DSS, Cyber Essentials, PA DSS, virtual CISO and training & awareness.
