A Democratic firm may have cracked the code on how to build a business in the cyber security space — and it isn’t by providing technical services.
For years, companies and consultants have been courting campaign clients with services designed to secure their data, and protect against cyber chicanery. They’ve met with little success, even as the list of costly hacking incidents has grown.
Budget constraints and knowing that the FBI was only a phone call away to help are two contributing factors that stymied adoption. But the story doesn’t end there. It appears the comms play in this market is the better bet.
SKDK last week unveiled a new cybersecurity and technology practice that’s headed by EVP Elizabeth Kenigsberg, an eight-year veteran of the mega communications and public affairs shop.
Kenigsberg had been working under Jill Zuckman, a partner at the firm, servicing clients on cyber issues for several years. Incident response has been a big part of the business, but the newly formed practice is also about preparation, a kind of internal muscling building for the eventuality that’s almost sure to happen.
“A lot of the work has evolved from pure incident response, which would be someone bringing us in when perhaps a hacker exploited a vulnerability,” Kenigsberg told C&E.
“We worked with an organization a few years ago that was the victim of a social engineering attack, and millions of dollars were wired away. Today, there’s greater understanding about these issues, so we’re coming in to partner with different companies and organizations to game out different cyber vulnerabilities and test their response from a communications standpoint.”
Responding to cybersecurity incidents requires a lot of internal coordination, and SKDK sees its consultants as able to embed with an existing team and optimize that.
“It requires a lot of collaboration with the technical team, the legal team, oftentimes if the government is a customer or there is mandatory reporting, how they manage those notifications, and then, of course, the press who often learn about these incidents as well and how to respond to inquiries,” she said.
“When these incidents occur, you need to think about the many stakeholders often involved — people within your organization, anyone whose data might have been impacted, users or customers who might have been unable to use your service or even the general public.”
Kenigsberg said comms practitioners like herself can help thread the needle between what an organization should be releasing publicly in the interests of transparency — and perhaps helping others in the space better respond — and what the internal technical experts don’t want out there because of ongoing security concerns.
“It’s important that when these incidents occur, people operate with the greatest degree of transparency possible, but sometimes doing so might actually undermine the security that people are trying to protect. So whether it’s a campaign, a company, a non-profit, a hospital, you do want to be responsive to concerns, but you also don’t want to stick a target on your back to invite more attacks,” she said.
“That’s really where that partnership with the technical experts comes in, where we have a back and forth pushing for the greatest degree of transparency possible about what happened, how it happened and the impact, the investigation into it, and what’s being done to fix the problem.”
While these services are geared more toward larger businesses or groups, campaigns are also potential clients as they’re also targets, according to Kenigsberg.
“There have been repeated incidents, both at party headquarters as well as individual campaigns, and there’s no sign of that slowing down,” she said.
“So we do think that there is an opportunity for helping campaigns prepare like other organizations in the event of a crisis like this.”