After many months of data breach disclosures and sexual harassment scandals, of frustration about perceived pay inequality and insular boardrooms, the largest financial institutions in the world have finally had enough. Larry Fink, CEO of BlackRock, fired the first warning shot this year, when in January he issued his annual letter to CEOs, titled “A Sense of Purpose.” In the letter, Fink asked public companies not only to deliver increasing returns but to demonstrate how they make a “positive contribution to society.” And in March, the Council of Institutional Investors (CII), which represents 130 pension funds managing more than $3.5 trillion in assets, called for corporate boards to adopt stricter guidelines for executives violating sexual harassment codes.
Our Blog: The Podium
Global cybercrime damages are expected to exceed $6 trillion annually by 2021. From hacks of mobile payment and other non-traditional payment systems to data manipulation and sabotage, the external threats to operations and customer and investor perception seem to increase daily. We recently sat down with cybersecurity expert William S. Rogers Jr. of Prince Lobel Tye LLP, a Boston law firm whose attorneys handle matters of local, regional, national and international reach. Rogers, who is chair of the firm’s Data Privacy and Security Practice Group, discussed cybersecurity regulation and its impact on public and private companies.
New disclosure rule presents an “apples and oranges” problem
As any communication veteran knows, every corporate “happening” creates a messaging opportunity. That is certainly the case with the impending round of pay-ratio disclosures. Starting this year, under an SEC amendment to Regulation S-K, which stemmed from a provision in the Dodd-Frank Wall Street Reform and Consumer Protection Act, most U.S. public companies will need to disclose the total annual compensation of their “median” employees, along with the ratio of that figure to the total compensation of their chief executive officers. Based on preliminary estimates, the highest ratios could exceed 350 to 1.
When faced with a crisis, even senior IR executives can benefit from an outside perspective, particularly when that perspective is based on years of experience. In the following conversation, David Calusdian, president at Sharon Merrill Associates, discusses crisis management issues and the most effective strategies to protect corporate reputation and credibility.
Q: Can you share some recent examples of your crisis communications work, to give readers a sense of the many issues that can ensnare a public company, and discuss how you solve them?
A: Today the potential for a crisis lurks in any piece of market-moving information that originates from somewhere other than the company. It could be a social media post about an impending management shakeup, an FDA product recall or a data breach. The potential scenarios are endless, but an effective response shares a few common themes:
The Equifax data breach, which affected some 143 million people, is just the latest high-profile incident reported by a large corporation. Verizon announced that 14 million customer accounts were exposed; Bell Canada said the data of 19 million customers was hacked; education platform Edmodo said the data of millions of its 78 million users were sold on the dark web. And Yahoo’s 2013 data breach reached epic proportions this month, when it announced all 3 billion customer accounts were hacked in that attack four years ago.
The good news -- and there is good news -- is that companies are stepping up their efforts to protect data. Ten years ago, information security was seen chiefly as an IT topic. Now, it has been elevated to the status of a strategic boardroom issue. I attend a monthly meeting of corporate board members, and at nearly every event there is discussion about cybersecurity and how to prepare – at the board level – for cyberattacks.
There’s a saying in the IT world: There are two kinds of companies, those that know they’ve been attacked, and those that don’t know they’ve been attacked. With that in mind, here are five critical things every company can do to prepare for a cyber crisis.