Don't wait for the breach: Why leaders need to treat cyber risk as stakeholder risk

Cybersecurity is no longer just an IT issue—it's a reputational one. As the lines between digital infrastructure, brand trust, and stakeholder expectations continue to blur, cyber events now shape how customers, policymakers, investors, and employees view an organization's integrity, resilience, and license to operate as a business.

Penta's latest white paper, "Cyber risk is stakeholder risk," draws on insights from our AI-powered media intelligence and stakeholder sentiment modeling to assess over 4.8 million global mentions from January 2024 to August 2025. By combining visibility-weighted scoring with issue and audience-specific sentiment, the research was conducted across six industry sectors (Automotive, Retail, Telecom, Tech, Healthcare, Finance) and shows how cyber threats reverberate across industries and stakeholder groups. The white paper also identifies key trends to watch in the cyber landscape and outlines the critical steps that communications, policy, and public affairs leaders should take to strengthen their preparedness for the next cyber event.

What's happening: Stakeholder trust is collapsing across the board

One of the key trends the white paper identifies is that across industries, sentiment around customer privacy, data security, and incident response remains deeply negative—especially among regulators and investors. Stakeholders are not just watching how organizations prevent breaches; they're judging how well they manage, communicate and recover.

When response efforts are slow, fragmented, or overly cautious, they erode stakeholder trust. But when organizations demonstrate preparedness and transparency, they can actually strengthen credibility even amid a crisis.

What leaders should do: Build for speed and coordination

For communications, policy, and public affairs leaders, the growing erosion of stakeholder trust means that they must take a holistic team approach to incident planning and response. Many organizations have crisis playbooks, but few have crisis teams that operate in sync when it matters most. Communications, IT, legal, and government affairs often plan separately, leading to slow, fragmented responses that can deepen reputational harm. 

Organizations should proactively take an assessment of their existing plans with a cross-functional team to develop a clear understanding of potential issues, legal requirements, and the many other factors that come into play during a cybersecurity breach. This exercise helps prevent what too often happens in a crisis: siloed activities, fractured and slow information flow, and unclear ownership.

In the white paper, Penta identifies actionable steps leaders can take to implement this approach:

• Ensure the right leadership from public affairs, legal, IT, customer support/success, partner marketing, and communications are embedded in the core cyber response team.
• Use research and media intelligence to shape tone, not just message. Leverage AI tools to test messaging against synthetic audiences alongside traditional polling and research.
• Conduct stakeholder-specific debriefs after incidents and apply learnings to update messaging, positioning, and risk frameworks.