Transparency Key after Cyberattack
Linking Reputational Risk with IT
Top executives must be transparent with their stakeholders when their IT systems get attacked. Otherwise, their enterprises' reputations could be more severely damaged, says IBM Fellow Luba Cherbakov.

Her response comes in an interview with Information Security Media Group, in which Cherbakov is asked whether the actions of PNC Financial Services Group President William Demchak stood out from those of other banks in the recent wave of distributed denial of service attacks that took down their online services. Demchak issued a statement explaining to customers what happened and how the bank addressed the problem. Most other banks hit by DDoS attacks didn't provide explanations to customers; a few didn't even acknowledge why their websites went down [see Bank Attacks: What Have We Learned?].

"If you are not defining what's happened to you, if you're not out there talking about what happened to you, how you're getting in front of it, how you're solving it, others will do it for you," says Cherbakov, who also serves as a vice president at IBM Security Services.

Cherbakov's remarks coincide with the Oct. 18 publication of a survey conducted for IBM Security Services and entitled Reputational Risk and IT: How security and business continuity can shape the reputation and value of your company.

The thinking of the survey's 427 respondents aligns with Demchak's actions: more than 80 percent of the executives surveyed say the chief executive officer is most accountable for their enterprise's reputation.

Cherbakov, in the interview, analyzes the survey findings, which include the identification of five characteristics of highly trusted companies:

  • Integration of reputational and IT risk;
  • Mapping of IT threats to key elements of reputation;
  • Strong IT risk management capability;
  • Robust IT risk management funding;
  • Strenuous supply chain control.

In the survey, respondents overwhelmingly cite data breaches, data theft and cybercrime as the top IT risks that pose the greatest threat to reputation.

Survey respondents also identify critical components of IT that link with reputational risk.

Cherbakov worked for several small IT firms as a solutions architect before joining IBM's services arm, where she worked on first-of-a-kind on demand, e-business and grid computing solutions for clients in various industries. Cherbakov spearheaded, co-invented and served as the chief evangelist behind the development and deployment of the Service-Oriented Modeling and Architecture, the industry's first SOA modeling method.

As an IBM fellow, Cherbakov has been at the forefront of IBM's transition into a social business. Many of the on demand workplace features IBMers use daily, including expertise locator, w3 tagging and media library, are the handiwork of Cherbakov and the CIO innovation team she led for several years.
