Singapore – Cybersecurity in the digital era is no longer optional but rather mandatory. Malicious groups are constantly evolving with AI-driven, sophisticated attacks that can compromise large volumes of data or operational frameworks within minutes.
Across global markets, the APAC region is seen as a digital battleground, with various industries and organisations encountering large-scale attacks compromising systems, data, and privacy.
Penta’s recent 2025 report highlighted how consumer and investor trust saw a decline across the retail, technology, telecom, finance services, healthcare, and automotive industries after witnessing how organisations responded to complex cyberattacks. This highlights how cybersecurity goes beyond detection and prevention, signifying the importance of transparency and reaction for organisations to maintain the public’s trust.
UpTech Media recently spoke with Deborah Giam, managing director of Singapore at Penta, who shared how organisations need to also understand cybersecurity from a branding reputation perspective beyond IT technicalities.
“APAC organisations need to move away from treating cybersecurity as a purely technical or IT issue and recognise it as a core trust and reputational issue,” Deborah told UpTech Media.
Mindset and collaboration under pressure
How organisations respond after a cyber attack is also an essential part of cybersecurity in terms of managing the expectations of investors, regulators, and customers. Releasing generic statements or maintaining silence will often lead to negative sentiment, regardless of the industry, without transparency and active coordination.
“Communication leaders must be embedded in cyber planning early, alongside IT, legal, government relations, and leadership teams. Preparation needs to happen before a breach, with clear roles, escalation paths, and stakeholder-specific messaging in place.”
She added how organisations, particularly in the APAC region, need to factor in market-by-market regulatory expectations, media scrutiny, and cultural nuances when communicating to the public following a cyber attack. Additionally, Penta’s report highlighted how slow, fragmented, and overly defensive responses from organisations lead to negative sentiments from various groups, including regulators, investors, and customers.
Deborah pointed out that, at its core, the best approach to cybersecurity is mindset and collaboration.
“Cyber resilience is about how an organisation shows preparedness, accountability, and leadership under pressure, not just how quickly systems are restored,” she commented.
Preparedness begins with transparent leadership
Cybersecurity is often associated with how organisations detect, prevent, and react to malicious attacks that comprise operations. However, a key aspect of cyber resilience and how a company’s branding is perceived by the public is through proactive measures, not just strategic defence plans.
Deborah highlighted that effective action plans start well before an incident occurs, with a company’s reputation recovery dependent on the quality of response following a cyber breach.
“Senior leaders need cross-functional plans that align IT containment with communications, legal obligations, and stakeholder engagement,” she mentioned.
In the midst of a crisis, organisations may not have all the information right away as the situation unfolds. Different stakeholders have varying expectations, with regulators prioritising compliance and disclosure, investors seeking clarity on risk and governance, and customers needing reassurance, empathy and concrete actions.
“Therefore, transparency means communicating early, clearly, and consistently about what is known, what is being done, and what comes next,” Deborah added.
“Visible leadership is also critical. Leaders should be prepared to step forward, supported by trusted technical voices, rather than allowing silence to create a vacuum filled by speculation.”
Following the research findings, the best approach for an organisation to maintain trust and credibility after a cyber attack is to avoid generic statements and instead demonstrate preparedness, local understanding, and a clear sense of responsibility to all stakeholders.
No one-size-fits-all approach
Penta’s research highlighted how various industries are affected by large-scale cyber attacks, while reputational impact remained consistently negative across the retail, technology, telecom, finance services, healthcare, and automotive industries.
“Sectors with direct consumer exposure—such as retail, healthcare, and financial services experience the steepest sentiment declines because breaches feel personal and disruptive to everyday life,” Deborah explained.
She further added that one of the effective approaches to cybersecurity is understanding where reputational risk is highest. With consumer-facing industries, communications led with empathy, clarity, and customer protection can result in a more positive reputational recovery.
Meanwhile, infrastructure-heavy industries such as telecoms, technology, and automotive require reassurance around systemic resilience, supply-chain security, and collaboration with authorities to satisfy stakeholders.
For Deborah, regardless of the industry, organisations should consider proactively communicating about their cybersecurity investments, actions, policies and efforts. She added that organisations also need to anticipate the spillover effects from one industry to another.
“This makes cross-industry monitoring, scenario planning, and stakeholder-specific messaging essential for protecting reputation when the spotlight shifts unexpectedly,” she concluded.
Cybersecurity is built on trust before catastrophe
Communication is a key aspect of having strong cyber resilience and cybersecurity measures that ensure trust and credibility for all stakeholders.
Deborah shared how organisations, especially in the APAC region, will require stronger coordination between communications, IT, legal, policy, and leadership teams, supported by real-time monitoring of media and stakeholder sentiment. Action planning for cyber incidents should be more dynamic, taking into account scenario testing and stakeholder mapping that lead to decision frameworks being updated regularly rather than filed away.
“The future lies in treating cyber preparedness as a continuous, organisation-wide discipline, rather than a crisis-only response. Sophisticated threats, including state-linked attacks and AI-enabled risks, mean that incidents are no longer isolated or short-lived,” she shared.
“Companies that build regulatory relationships early, activate leadership visibly, and communicate with clarity and confidence are more likely to retain credibility when the next cyber incident occurs.”
*****
Long-term cybersecurity is the product of how organisations respond to complex cyber threats with clear communication, transparency, proactive, and dynamic action plans that enable trust and credibility.
The future of cybersecurity goes beyond having the ability to detect and prevent, but starts by building a foundation of relationships with all stakeholders across industries to be ready when the next breach occurs.
