Many would say that reputational risk is something that only the private sector should be concerned with, and that for the federal government it’s not really a big issue. But in today’s digital age, with citizens dialing in to social networking and on-demand consumerization from any device at any time, I think we need to adjust that thinking.

The Administration has directed all Federal Agencies and Departments to have two mobile apps or smart device-capable Web sites this year.  I think you get where I am going.   The change is that we all expect that services from the government are ready, safe and secure.   And that is what reputational risk is all about.

It is the ubiquitous connectivity from multiple device types and the movement to the cloud that provides change, and with it a shift in how we respond securely.   Done poorly and noted by hackers, the ensuing attack greatly impacts ones reputation.

What do I mean by reputation and how is it measured?

As you’ll learn by reading through the recently released study commissioned by IBM and conducted by the Economist Intelligence Unit who interviewed 427 senior executives, three forces drive their reputation: best in class service, customer engagement, and trusted-partner status.

Note for those in the federal sector that each of these point to how well the citizens view your ability to provide information, services, and are trust-worthy with their information. And that is key when it comes to whether or not you can you defend the nation, let alone ensure that the electricity stays on and transportation works and ATMs function. After all, if the government doesn’t work what will?

How is IT central to this?

Well, technology is the common thread in delivering these services and hence many see that preventing the problem goes a long way in protecting the ‘brand’.

Unfortunately, due to many circumstances and issues around our economic challenges, this leaves us with the attitude of ‘let’s wait for an incident to happen so we can justify the expense mentality’.  But can you really take the damage to your reputation that cavalierly?  This isn’t just about losing connectivity for continuity of business, but also includes data theft and breaches.

Three IT areas to minimize reputational risk

As reputational risk is really an everyone problem across all sectors, I think I should at least point out from the study three IT areas that align with the business drivers we all should concentrate on to minimize risk from becoming a response situation.

1. Incident response

First, is IT security with many organizations focusing on accomplishing tasks in the future (read after an incident)?

If you look at the past several X-Force Threat Reports, you will note that SQL Injection is always listed.  In fact, when I wrote the first X-Force Threat report in 2002, it was on the list then.   I point this problem out only because we have known of this attack vector for a long time. And looking at who is writing apps and making mobile Web sites with this common problem that hackers frequently use as a starting point, you can immediately see we have not dented this issue at all. Organizations are not even ready to respond, as they have no incident response plan or team identified.

2. Business continuity

Second is business continuity. I think many of us see that having the business running is a good thing. But we fail to see it as a reputational risk.

If the ‘lights’ are not on, will a customer just go somewhere else? Will they consider you reliable, safe and secure? With social media, can you hope that no one tweets you out and survive with an intact brand?

3. Technical support

Finally, technical support demonstrates your reputation most succinctly. We all recall that if we get great technical support, instead of what might have been a nasty complaint, we consume it as ‘they were on the ball and doing all they can to assist me’.

We all have experienced it, yet, this is an area that many are not focused on as part of the reputation.   It is the difference between a good organization and a great one.

Reputational risk is a serious matter of “trust” and “leadership” that any organization or agency that is watching out for our best interest or for our business needs to fully manage.

After all, your reputational risk reflects our reputations as either citizens or consumers of your services or goods.

More from Government

The Biden Administration’s 2023 Cybersecurity Strategy

4 min read - The Biden Administration recently introduced a new national cybersecurity strategy, expected to aggressively address an increasingly complex and dangerous threat landscape. Improving cybersecurity may not be the top priority for the Biden Administration, but it is an issue that the White House has been focused on since the earliest days of President Biden’s tenure. For example, in May 2021, Biden issued an executive order that emphasized sharing information about threats and modernizing cybersecurity across the federal government. In 2022, President…

4 min read

What’s Going Into NIST’s New Digital Identity Guidelines?

4 min read - One of this year’s biggest positive cybersecurity events comes from the National Institute of Standards and Technology (NIST). For the first time since 2017, NIST is updating its digital identity guidelines. These new guidelines will help set the course for best practices in handling digital identity for organizations across all sectors. What is Digital Identity? To grasp the update’s importance, it helps to understand the role of digital identity in an organization’s security posture. In its 2017 guidelines, NIST defines…

4 min read

Who Will Be the Next National Cyber Director?

4 min read - After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next? As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the National Cyber Director’s office. Walden is a former Microsoft executive who joined the National Cyber Director’s office in May. Before her appointment, Walden was the…

4 min read

How Much is the U.S. Investing in Cyber (And is it Enough)?

3 min read - It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes. To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going…

3 min read