June 16, 2013 By Peter Allor 3 min read

Many would say that reputational risk is something that only the private sector should be concerned with, and that for the federal government it’s not really a big issue. But in today’s digital age, with citizens dialing in to social networking and on-demand consumerization from any device at any time, I think we need to adjust that thinking.

The Administration has directed all Federal Agencies and Departments to have two mobile apps or smart device-capable Web sites this year.  I think you get where I am going.   The change is that we all expect that services from the government are ready, safe and secure.   And that is what reputational risk is all about.

It is the ubiquitous connectivity from multiple device types and the movement to the cloud that provides change, and with it a shift in how we respond securely. Done poorly and noted by hackers, the ensuing attack greatly impacts one’s reputation.

What do I mean by reputation and how is it measured?

As you’ll learn by reading through the recently released study commissioned by IBM and conducted by the Economist Intelligence Unit, which interviewed 427 senior executives, three forces drive their reputation: best-in-class service, customer engagement, and trusted-partner status.

Note for those in the federal sector that each of these points to how well citizens view your ability to provide information and services and to be trustworthy with their information. And that is key when it comes to whether or not you can defend the nation, let alone ensure that the electricity stays on, transportation works and ATMs function. After all, if the government doesn’t work, what will?

How is IT central to this?

Well, technology is the common thread in delivering these services and hence many see that preventing the problem goes a long way in protecting the ‘brand’.

Unfortunately, due to many circumstances and issues around our economic challenges, this leaves us with the ‘let’s wait for an incident to happen so we can justify the expense’ mentality. But can you really take the damage to your reputation that cavalierly? This isn’t just about losing connectivity for continuity of business, but also includes data theft and breaches.

Three IT areas to minimize reputational risk

As reputational risk is really an everyone problem across all sectors, I think I should at least point out from the study three IT areas that align with the business drivers we all should concentrate on to keep risk from becoming a response situation.

1. Incident response

First is IT security, with many organizations focusing on accomplishing tasks in the future (read: after an incident).

If you look at the past several X-Force Threat Reports, you will note that SQL Injection is always listed. In fact, when I wrote the first X-Force Threat Report in 2002, it was on the list then. I point this problem out only because we have known of this attack vector for a long time. And looking at who is writing apps and making mobile Web sites with this common problem that hackers frequently use as a starting point, you can immediately see we have not dented this issue at all. Organizations are not even ready to respond, as they have no incident response plan or team identified.

2. Business continuity

Second is business continuity. I think many of us see that having the business running is a good thing. But we fail to see it as a reputational risk.

If the ‘lights’ are not on, will a customer just go somewhere else? Will they consider you reliable, safe and secure? With social media, can you hope that no one tweets you out and survive with an intact brand?

3. Technical support

Finally, technical support demonstrates your reputation most succinctly. We all recall that if we get great technical support, instead of what might have been a nasty complaint, we consume it as ‘they were on the ball and doing all they can to assist me’.

We all have experienced it, yet this is an area that many are not focused on as part of the reputation. It is the difference between a good organization and a great one.

Reputational risk is a serious matter of “trust” and “leadership” that any organization or agency that is watching out for our best interest or for our business needs to fully manage.

After all, your reputational risk reflects our reputations as either citizens or consumers of your services or goods.
