We still talk about cyber incidents as if they're black swan events – unexpected, rare and shocking.
“But the truth is that cyber incidents have gone from being something that only happens occasionally to something that happens regularly.”
This was the word from Sunitha Chalam, a partner at the Singapore office of global strategic communications and advisory firm Brunswick Group.
Chalam delivered the opening keynote address today at ITWeb Security Summit 2026, at the Century City Conference Centre in Cape Town.
“Just five years ago, seven in 10 organisations experienced an annual cyber incident. Today, that figure is closer to nine in 10,” she said. As these events become more common, she noted that public perception is changing.
Keen to understand this shift, Brunswick Group conducted a survey of over 4 000 people across four markets: the US, UK, France and South Korea.
Sharing some of the research findings, she highlighted that 71% of survey respondents judge companies more by their response than by the fact that they were attacked in the first place, and 85% say that when an incident is handled well, it can actually increase trust.
“This tells us that a cyber incident does not necessarily mean immediate reputational collapse. Instead, communications and handling of the event are seen as signals of how well a company is run. So much so that 86% agree that how a company handles a cyber attack is a reflection of how well the company is run overall,” she said. “And when one tracks how the market reacts to an incident, the story is much the same.
“When one looks at the stock performance of around 59 American companies that disclosed cyber incidents over roughly a three-year period, there's no evidence of a severe or sustained long-term decline in stock prices.
“While stocks of some of the affected companies did drop over an initial period of about 30 to 60 days, these changes were not particularly significant.”
It tells us that stakeholders are not looking for perfection; they are looking for evidence that the organisation remains very much in control, she said. In action, this means restoring services and providing fast, transparent and practical communication about what is happening, as the incident evolves, because people want to be kept updated.
“And once you’ve done this, the focus needs to shift from immediate response to recovery. This is not about promising that a cyber security incident will never happen again. It's about showing you've learned from the incident and you've strengthened your processes and systems to reduce future risk.”
Global impact
But what makes this complicated, she explained, is that in any single incident, companies are trying to meet various expectations simultaneously.
“Cyber crime is inherently multi-jurisdictional and crosses multiple geographies and markets.”
Why is this important? Because something like public perception differs from place to place, she noted. For example, the same message across different markets can land very differently. South Korea ranked an apology as being among the top three communications priorities, while this wasn’t deemed as important in markets like France and the UK.
“With this in mind, it’s clear there is no single definition of a perfect response. What builds trust in one market may not necessarily translate into another. What appeases one regulator might not make another one happy. This means the most effective responses are ones that combine a truly global narrative with locally-tailored communications and stakeholder engagement.”
Lessons learned
As an advisory firm, Brunswick Group works with clients around the world to help them manage their reputation during high-stakes issues, like a cyber incident. Chalam concluded by sharing several key learnings from these experiences.
It’s essential to understand the risks, she said. And to do this when not under pressure.
She advised that businesses take the time to audit their environment and understand everything from where their data is located to what their regulatory obligations are. As part of this, she stressed the importance of carefully considering how decisions will be made.
“A lot of our clients invest in preparing cyber crisis playbooks, but if this manual is hundreds of pages and is sitting in a drawer somewhere, are you really going to be paging through it when something goes wrong?”
She encouraged the audience to take time to test resilience. “If someone tells you that a system can be brought back up in 30 minutes. Switch it off at a time when the stakes aren’t high and test this claim.
“In all of this, don’t forget about the people – both internally and externally. For those who are most affected by the crisis, communicate directly and empathetically with them.
“But also don’t forget about your employees because they can be very important advocates for the company.”
As a final point, Chalam highlighted the importance of securing the supply chain. “You can do everything you want to keep yourself safe, but if the smaller companies you work with aren’t properly protected, you are also at risk.”
Share
