June 16, 2013 By Peter Allor 3 min read

Many would say that reputational risk is something that only the private sector should be concerned with, and that for the federal government it’s not really a big issue. But in today’s digital age, with citizens dialing in to social networking and on-demand consumerization from any device at any time, I think we need to adjust that thinking.

The Administration has directed all Federal Agencies and Departments to have two mobile apps or smart device-capable Web sites this year. I think you get where I am going. The change is that we all expect that services from the government are ready, safe and secure. And that is what reputational risk is all about.

It is the ubiquitous connectivity from multiple device types and the movement to the cloud that provide change, and with it a shift in how we respond securely. Done poorly and noted by hackers, the ensuing attack greatly impacts one’s reputation.

What do I mean by reputation and how is it measured?

As you’ll learn by reading through the recently released study commissioned by IBM and conducted by the Economist Intelligence Unit, which interviewed 427 senior executives, three forces drive their reputation: best-in-class service, customer engagement, and trusted-partner status.

Note for those in the federal sector that each of these points to how well citizens view your ability to provide information and services and to be trustworthy with their information. And that is key when it comes to whether or not you can defend the nation, let alone ensure that the electricity stays on, transportation works and ATMs function. After all, if the government doesn’t work, what will?

How is IT central to this?

Well, technology is the common thread in delivering these services and hence many see that preventing the problem goes a long way in protecting the ‘brand’.

Unfortunately, due to many circumstances and issues around our economic challenges, this leaves us with the ‘let’s wait for an incident to happen so we can justify the expense’ mentality. But can you really take the damage to your reputation that cavalierly? This isn’t just about losing connectivity for continuity of business, but also includes data theft and breaches.

Three IT areas to minimize reputational risk

As reputational risk is really an everyone problem across all sectors, I think I should at least point out from the study three IT areas that align with the business drivers we all should concentrate on to keep risk from becoming a response situation.

1. Incident response

First is IT security, with many organizations focusing on accomplishing tasks in the future (read: after an incident).

If you look at the past several X-Force Threat Reports, you will note that SQL Injection is always listed. In fact, when I wrote the first X-Force Threat Report in 2002, it was on the list then. I point this problem out only because we have known of this attack vector for a long time. And looking at who is writing apps and making mobile Web sites with this common problem that hackers frequently use as a starting point, you can immediately see we have not dented this issue at all. Organizations are not even ready to respond, as they have no incident response plan or team identified.

2. Business continuity

Second is business continuity. I think many of us see that having the business running is a good thing. But we fail to see it as a reputational risk.

If the ‘lights’ are not on, will a customer just go somewhere else? Will they consider you reliable, safe and secure? With social media, can you hope that no one tweets you out and survive with an intact brand?

3. Technical support

Finally, technical support demonstrates your reputation most succinctly. We all recall that if we get great technical support, instead of what might have been a nasty complaint, we consume it as ‘they were on the ball and doing all they can to assist me’.

We all have experienced it, yet this is an area that many are not focused on as part of the reputation. It is the difference between a good organization and a great one.

Reputational risk is a serious matter of “trust” and “leadership” that any organization or agency that is watching out for our best interest or for our business needs to fully manage.

After all, your reputational risk reflects our reputations as either citizens or consumers of your services or goods.
