As brands and organisations come to rely on technology and data in more complex and multifaceted ways, the potential for security breaches, data leaks and other cyber threats inevitably grows. To look into the crucial role that trust and reputation management play in related risks, Telum spoke with Lydia Tsui, Director and Hong Kong Lead of Cybersecurity at Brunswick Group, to discuss effective comms strategies for navigating new tech-related challenges.

What got you into the cybersecurity practice, and how has your experience been as the Hong Kong Lead of Cybersecurity?
My journey into cybersecurity wasn’t a planned one. I knew little about it until I was transferred to our Washington D.C. office, which is our firm’s global hub for cybersecurity, data and privacy. That’s where I got a front-row seat to the critical role cybersecurity plays in safeguarding businesses. I’ve been part of a team managing over 170 incidents in the past four years, guiding companies through everything from threat preparedness to breach response and recovery.

Now leading the Hong Kong practice, I see the Asia Pacific region at a key inflexion point. Regulatory frameworks are evolving, with more emphasis on transparency and accountability, and businesses are grasping the significant connection between cybersecurity and brand reputation. Brands are realising that protecting their reputation, an intangible yet crucial asset, directly impacts consumer loyalty and, ultimately, their bottom line.

What are the effects of emerging technologies like AI and deepfakes on brands and organisations?
Emerging tech like AI and deepfakes is shaking things up for consumer brands. AI can be used to create really convincing phishing emails or fake videos that impersonate brand ambassadors or customer service, which can trick consumers and damage trust. Deepfake videos, in particular, can cause major confusion and hurt brand reputation.

There’s also the risk of AI being tampered with, which could mess up personalised recommendations or even lead to data breaches. And with quantum computing on the horizon, encryption systems that protect consumer data could be at risk.

Brands need to stay on top of these threats to keep their customers safe and their reputation intact.

How can brands create, implement and maintain a strategic crisis comms plan and minimise the risk that new tech may bring?
For brands, a crisis comms plan is a must, but it starts with building a strong culture where everyone from the top down is aware of cybersecurity risks. Employees need to know how to spot potential threats and report them quickly. Running drills is key, too, so everyone knows how to act fast when something goes wrong.

The reality is that consumers expect some cyber incidents to happen. What really matters is how you handle them. If your brand can communicate clearly, act swiftly and be transparent, you’ll keep consumer trust intact, even in the face of new tech-related challenges.

In the instance of a breach, how can brands rebuild credibility and trust during and after such a crisis?
In a data breach, how you react can make or break your brand’s relationship with customers. Cyber incidents are tricky because you often don’t have all the facts right away, but consumers still expect immediate answers.

The key is to be as honest as possible without jumping the gun. Don’t share half-baked info that could cause more confusion or panic. Instead, focus on communicating clearly, updating customers as soon as you know more and offering support, like credit monitoring or refunds. Show that you’re taking responsibility and working hard to fix the issue.

In the long run, it’s all about earning back trust through action.

Can you share a particularly memorable case you've worked on that involved cybersecurity?
Every case has its own complexities, but one incident stands out. A mid-sized company was breached, with no major operational impact at first glance. However, a sensitive “rainy day” file kept by an employee could be compromised, containing offensive remarks made by a C-suite member. If leaked, this could seriously damage the company’s reputation and potentially, its customer relationships.

What started as a typical breach quickly escalated into a potential workplace misconduct crisis. We navigated the potential reputational fallout, advising on how the Board should respond, managing the employee that kept the file, addressing the alleged comments and reviewing oversight practices.

This case highlighted how cybersecurity incidents can quickly shift from technical issues to deeply personal and reputational crises, where the consequences can far exceed the original breach. It was a powerful reminder of the broader impact cyber risks can have on leadership and governance.

Are there ways in which new technology can assist communicators in the prevention or mitigation of data and security concerns?
Absolutely! There are tons of new tools out there that can help communicators stay on top of security concerns. AI-based systems can track social media and other channels for signs of trouble, like data breaches or phishing attempts, and alert you before things spiral out of control.

You can also use secure communication platforms to make sure customer data stays protected. But here’s the catch: you’ve got to make sure these tools meet all compliance and security standards. While tech can help you be proactive, it’s important to balance innovation with safety to keep your brand and customers protected.