#ResistandUnsubscribe has saved me more than $120 this month, but more importantly it's gaining momentum as one of the only ways Americans can do something about ICE.
Thus, NYU professor and Pivot co-host Assoc. Professor Scott Galloway @profgalloway is my hero this week. His co-host Kara Swisher is a more likely winner of that title but Galloway wins on points for #resistandunsubscribe. This micromovement is also BC Brief-worthy because it seeks to create "supportive action", which, as you know, is the reputation metric I think matters most.
Backstory: global reliance on the US and its unpredictable leadership was a hot topic at Davos. Prof G attended the conference but probably had this campaign hatching before that.
Has he started a global consumer movement? IDK but I beg you, give it a crack, if you too reject the role "big tech" are playing right now. I'm giving deportation a crack as I write this in an LA hotel room without Prof G's profile to protect me!
This week we've seen international powers France and Germany announce pullbacks from US tech.
Now, consumers and businesses have a way to do the same. It's brilliant. But will we, ex-US, have the b@lls to do it? Let's see.
ASIC's $3m FIIG punch
FIIG’s $2.5m ASIC penalty landed this week. Painful, but it could have been worse. For us, the subtext is familiar from Optus and Latitude. Cyber breaches are now judged less on what happened and more on how leaders respond in public, under uncertainty.
Having watched this play out repeatedly, and now with FIIG, the PR lesson isn’t that controls failed. It’s that credibility collapsed when messaging lagged, shifted, or over-reassured. Regulators, customers, and media have no patience for “we’re still investigating” when organisations obv. know enough to speak.
Here’s the uncomfortable truth: in a cyber breach, you will never feel like you know “enough”. But you almost always know something early that would help warn and protect people. Your job is to use that information without derailing the technical response or creating future exposure.
Cybersecurity crisis comms: one big DO and one big DON’T.
DO: communicate like an operator. Be fast, factual, time-bound, and useful. Say what you know, what you don’t, what people should do now, and when the next update is coming.
DON’T: fill gaps with reassurance you can’t yet prove. “Limited impact” has become one of the most expensive phrases in Australian corporate history.
The pattern is clear.
It’s not the breach that burns trust. It's the way brands and CEOs wobble in public.
Especially when they have facts that could HELP customers but have a crap response "MO".
That wobble is almost always a readiness failure.
That's why we focus on winning the first 72 hours, the only window where trust is still malleable. That means owning the narrative while investigations are live: sequencing government, regulators, staff, partners, customers, and media; enforcing message discipline; and protecting leaders from overstatement that comes back to bite. Controls will fail. Humans will too. That’s usually forgivable. What's less forgivable is crap comms.
Your communication decides whether it’s contained or defining in a bad way.
I’ll leave the last words (paraphrased, and re FIIG) to ASIC Deputy Chair Sarah Court: entities that fail to maintain proper cyber security controls risk regulatory action and malicious exploitation. ASIC expects cyber resilience, fit-for-purpose governance, and an incident response plan tested at least annually.
Hit reply and say "send it to me" for BlueChip's 10-slide "How to get your cyber crisis comms house in order" deck. I promise it's easier than you think.