Cyber attacks: A daily threat to reputation   

By Giles Usher, Account Manager

The recent cyber attack on Asahi Group, Japan’s largest brewer and producer of the nation’s most popular beer, is the latest reminder of the threat posed by cyber criminals. The attack brought the majority of the firm’s factories to a standstill, with Japan coming within days of running out of Asahi Super Dry⁽¹⁾. Closer to home, the attack on Jaguar Land Rover back in August stopped production for six weeks (2), with the UK government stepping in to offer the carmaker a £1.5bn credit guarantee(³⁾. 

While both firms are now set to gradually restart production, significant financial and reputational damage has already been done. The threat of cyber attacks extends far beyond the manufacturing sector, however. The attack that brought Marks & Spencer to a standstill in late April is estimated to have cost the business £300m(⁴⁾, with just a third of the losses reportedly covered by insurance(⁵⁾.  

While the perpetrators from the infamous Scattered Spider group have since been apprehended(⁶⁾, the wave of attacks and the extensive amount of personal data that’s been stolen have served as important reminders of the very real threat posed by cyber criminals. Regardless of size, sector or location, every business currently faces a heightened threat from hackers and ought to be taking proactive steps to address their vulnerabilities. 

The narrative during Cybersecurity Awareness Month typically focuses on prevention. This ranges from investing in robust defences to outsourcing their cybersecurity affairs to Managed Security Providers (MSPs), in an attempt to reassure stakeholders. This alone, however, is not enough. Should the worst happen, businesses need robust disaster response plans, underpinned by a comprehensive crisis communications strategy.  

A new frontier of cybercrime  

In today’s digital age, cyber criminals have become more professional, specialised and effective. Hackers are deploying daring attack tactics and continually honing their techniques. Third party data breaches, malware and social engineering attacks are now a daily threat to businesses.  

Courtesy of the dark web, hackers are also increasingly well-connected and can easily sell stolen data before finding their next target. At the same time, geopolitical tensions have placed renewed focus on the threat posed by ruthless state sponsored hackers who aim to intimidate political opponents and gather intelligence.  

The threat posed by AI 

The transformative potential of AI has been well documented. The technology has enabled businesses to streamline operations and benefit from efficiency gains, as AI can help to free employees from time-consuming, administrative tasks. At the same time, however, AI has opened the floodgates to a new wave of cyber attacks, giving hackers the upper hand and leaving businesses scrambling to keep up.  

The power of generative AI to produce written content has already been weaponised, with hackers leveraging its ability to draft scripts for phishing attacks(⁷⁾ whilst also creating new forms of deception, such as deepfakes. Along with enhancing phishing attacks, AI can now aid business email compromise attacks. These attacks can lean on AI to understand what a convincing approach would look like for a specific target, both in terms of language and tone(⁸⁾.  

Globally, it is estimated that 3.4 billion phishing emails are now being sent every day(⁹⁾. 

Communication can make or break reputations 

In the immediate aftermath of a cyber attack, businesses have a responsibility to communicate with a wide range of stakeholders. In an increasingly litigious society, shareholders, clients and employees all demand swift explanations and a clear plan to restore systems and regain trust. High-profile businesses may unwittingly find themselves caught up in a media storm and a seemingly never-ending drumbeat of negative coverage.  

Businesses often struggle to control the narrative surrounding their firm following a cyber attack, particularly in circumstances when the board is accused of negligence and poor governance. This can result in severe reputational, and ultimately financial, damage for the business. As Marks & Spencer discovered earlier this year, initially positive media coverage garnered from proactive communications can quickly turn sour the longer an incident persists without meaningful resolve. 

However, it can be possible to influence the narrative in the immediate aftermath of a breach:  

• Finger on the pulse: Given the 24-hour news cycle and the speed at which negative news can go viral and reach a mass audience, businesses should waste no time in communicating the news of a cyber incident that knowingly effects customers or client data. To maintain trust and authority, boards cannot afford to give off the impression that they are on the back foot. Policymakers and regulators do not hesitate to punish firms that fall foul of the expected standards. 

• Set a regular cadence of updates: To reassure stakeholders at what can be a troubling time, it is important to maintain a regular stream of detailed updates, as under-communicating can lead to harmful accusations of negligence. Equally, over-communicating can lead to accusations of incompetence, and businesses must avoid disclosing information that may heighten the risk to either their own systems or their stakeholders.  

• Quash speculation: As questions from stakeholders and scrutiny from regulators often play out in the public domain, businesses must provide clarity. Businesses should take a proactive to media and prepare short statement in the event of any enquiries. A statement should highlight ongoing response efforts and detail the lessons learned. This can help to avoid speculation in the press and prevent fake news causing unnecessary reputational damage.  

• Consistency of message: Coordination between legal, executive, IT and communications teams is essential to avoid conflicting messages and confusion. However, as cyber incidents are deeply human experiences, it may be necessary to tailor messaging to address the specific needs and concerns of different types of stakeholders. Regardless, the core points in each communication should remain consistent.  

Both consumers and investors widely accept that cyber attacks are now a daily occurrence. As a result, businesses are increasingly judged on their crisis response capabilities and whether they can mobilise a transparent and proactive communications strategy. If the incident is managed effectively, communications teams can turn a negative moment into a positive, protecting long-term brand value in the process.  

To understand more about what this could look like for your business and ensure you have suitable plans in place, reach out to the corporate PR team here at Boldspace.

References

¹ Japan days away from running out of Asahi Super Dry after cyber attack 
² Jaguar Land Rover cyber attack: Production shutdown enters sixth week | Money News | Sky News 
³ Britain’s flawed support for Jaguar Land Rover 
⁴ M&S cyber attack: What we know about it and its impact – BBC News 
⁵ M&S cyber insurance payout to be worth up to £100mn 
⁶ UK crime agency arrests 4 people over cyber attacks on retailers 
⁷ 5 Mistakes Companies Will Make This Year With Cybersecurity 
⁸ What Is Business Email Compromise (BEC)? – Palo Alto Networks 
⁹ The Latest Phishing Statistics (updated April 2025) | AAG IT Support