Interview with Ann Marie van den Hurk
Founder & Principal @ Mind The Gap Public Relations, LLC

The evolving threat landscape means leaders today must worry about far more than theft and fraud. They must now consider cyber attacks, terrorism, misconduct, and activism. We understand what keeps executives up at night and work them to prepare for the unseen discreetly. Mind The Gap Public Relations is a crisis management consulting firm specializing in proactive crisis communications planning, training, and management. Mind The Gap Public Relations
Hi Ann! What makes your work with Mind The Gap Public Relations unique from other crisis management firms?
Hi! What do I think my work with Mind the Gap Public Relations makes me unique from other crisis firms. The fact that I've been doing this for 20 years, and I bring a wide breadth of experience, knowledge. I look at a big picture, long term picture, not just the short term. Let's quick fix it and move on, and I think that's important. I am a soul opener, so when you do work with me, you are working with me. Literally, not a team of junior members, which I think is really important. I feel like if you've come to me, you have trust in me to do the right thing, to guide your company. So, I think the fact that also I have a sort of a code of conduct that I follow breaks me apart from a lot of crisis firms, and then I just happen to specialize in cyber risk, which is really underrepresented right now in crisis management firms.
What are some of the biggest security threats and crisis risks prevalent today that weren't a threat say, five years ago?
Many of the security and crisis risks are pretty much the same. Most organizations understand what they are or know what their next crisis is going to be. Typical crisis is fraud, misconduct. Some of the more severe ones are having to do with active shooters, espionage, and so forth. Now, when it comes to cyber, that has become one of the largest threats, most prevalent threats in the past five years. Simply for the fact, here is one, there's been building of awareness, and two, it's become more widespread. So, Fortune 500 companies, governments, all the way down to your local bakery have a high potential of a cyber attack to happen, and that certainly has increased tenfold in the last five years. That said, there still needs to be a lot of awareness building around cybercrime, people understanding it, and that's what I hope to do, is bridge the knowledge gaps between what businesses know and what the real facts are.
What are the first steps firms and companies must take when a crisis or emergency happens?
Well, let's take this question a little further back. Instead of what must they take when a crisis or emergency happens, let's take them before the crisis happens, and that is essential for an organization to be successful in mitigating a crisis, and that is having a plan. Having a plan before anything happens, and that would be a crisis communications plan, where strengths, weaknesses, opportunities, and threats are reviewed, scenarios are created. And from there, you build as to what would your response be to those scenarios. You would need a team of, a crisis team to be gathered, and trained, and drilled, it would include legal, the CEO, whoever provides your services, and then from there, once a crisis happens, you already have a set plan, and it buys you time in order to investigate the real situation, the real crisis. You can't plan for every crisis, but what you can do is train yourself as to how to respond to the crisis in an efficient and effective way. So, once a crisis happens, what you do is you activate your crisis communications team, and from there, you use your plan to manage it effectively.
What can companies do to start developing their crisis management plans to include the potential for digital and cyber attacks?
The first thing that organizations can do, when they are developing their crisis communications, or their crisis management plans include digital and cyber attacks. What they need to do, one actually reviews their plan, and crisis communications plan should be reviewed quarterly, due to the fact, that this is a very fast paced changing environment for threat levels to organizations as well as there are staffing changes, and those people need to be trained and brought up to speed. Now, every crisis communications plan, every risk plan needs to include something about reacting to digital or a cyber attack. Now, a digital attack I would classify as a social media situation that has developed. A cyber attack is much more, is done by more nefarious individuals looking for financial gain. The key to it is, when you're doing your plan, is to understand what your risks are, and how you could mitigate them beforehand. There are lots of things you could do to ensure safety, to prevent these sorts of incidents from happening. It's a requirement now. It is not something that should be an afterthought. Digital and cyber need to be in the plan, because they can affect business continuity.
What's next for your work with Mind The Gap Public Relations? What are the main sectors, threats, and partnerships you'll be focusing on in the next year?
What's next for Mind the Gap Public Relations and myself. We will be continuing to focus on cyber risk as part of our crisis communications practice. It definitely is something that is least understood within the executive team. There is a huge gap of knowledge and understanding between the C-suite, and perhaps the more technical sides of the business, and what we're able to do is bridge those gaps, and bring people together, and allow them to be able to communicate effectively. So essentially, I'm a cyber risk communicator bringing people together to understand their risks, assessment, and how they can move forward to ensure protection of their organization. Now, major sectors that I'm looking at, are health care for every country that is a treasure trove of important data. For example, on the dark web, your social security number, or something similar to that as a personal dental fire, is only going for about one U.S. dollar. Now, your health care records, on the other hand, can go between three to four thousand U.S. dollars. So, that means protecting, and there are huge gaps specifically around third party vendors. And, I'm focusing on working with individuals who have more technical skills than I do and bringing our skills and knowledge together to help people.