Button up your overcoat; it’s about to rain cyberthreats
Few businesspeople have as much on the line every moment of every day as grocers. When disquieting events happen at a grocery store, customers can be more than just inconvenienced. In extreme circumstances, grocery products can be the cause of illness, even death.
What makes the grocery industry so susceptible to calamities is that food is a necessity, not a luxury. Threats to food safety have the potential to create panic. If a company is the sole retailer affected, there’s a sobering chance it could lose customers — but perhaps only temporarily. The length of customers’ disaffection all depends on the effectiveness of the company’s response.
What constitutes an effective response? When it comes to cybersecurity, it’s not always easy to say. It’s scary, but data breaches, ransomware, malware, phishing and other cybersecurity issues are all still in their infancy. There are no widely accepted industry standards for incident response, leaving “reasonable” action in the eye of the beholder. One thing is for sure — the miracle of the Internet is being turned into weaponization by a myriad of bad actors.
The specter of malicious product tampering or computer hacks that prevent items from being properly refrigerated are among the risks that keep grocers awake at night. In many ways, they’re a microcosm of the pressures faced these days by corporate CEOs, communications executives, and their legal counsel. Fears surrounding cybersecurity and attendant liability nightmares have become Corporate America’s #1 risk management concern. For the past decade, the threat of hacking was largely limited to information. Now, life, health, and safety are becoming the real exposure, and few companies are ready, though all will face attacks. If a company thinks its prophylaxis is sufficient, it is wrong. If it thinks free credit reporting is still a satisfactory response, it is more unprepared than it realizes.
In early June, I was among the crisis response specialists invited to participate in a crisis management conference organized by Pillsbury Winthrop Shaw Pittman LLP. The panel was given a cybersecurity scenario that involved a ransomware breach disrupting customer transactions in dozens of stores across a nationwide chain.
The scenario cut right to the heart of the grocery industry’s biggest fear: the reputational impact of a liability or injury lawsuit stemming from a single incident, an episode whose repercussions could overwhelm decades of conscientious customer and community service.
Here’s the strategic premise I shared for grocery industry executives caught in the klieg lights: from the moment the crisis hits, their brand reputation hinges on empathetic communications that keeps their customers front and center. Yes, regulatory and legal liability will provide a threshold for them to respond, but their efforts to go above and beyond mere compliance will be what customers remember. As cybercrime gets more sophisticated, audiences from customers to shareholders expect a more fulsome response. “Hey, we are a victim, too,” will only get you so far, and less and less each day.
A company should frame its response through the prism of its customers — a young mom trying to get food for her children, or a son that needs to pick up medicine for his sick father, or a family living paycheck to paycheck.