Penta’s latest white paper, "Cyber risk is stakeholder risk", explores the growing reputational impact of cybersecurity incidents across industries and stakeholder groups. The analysis leverages Penta’s media intelligence and stakeholder sentiment modelling, covering more than 4.8 million global mentions from January 2024 to August 2025.
Key trends shaping the cyber risk landscape
The study finds that overall stakeholder trust is eroding, reflected in strongly negative sentiment around customer privacy, data security, and incident response across all stakeholder groups - particularly regulators and investors.
Cyber risk is also emerging as a geopolitical concern. State-linked attacks are increasingly viewed as potential national security issues, exposing organisations operating in sensitive sectors to heightened geopolitical risk.
At the same time, reputation recovery is no longer just about containment. The research suggests that a brand’s ability to rebound from a cybersecurity incident is closely tied to the effectiveness of its response, with fast and visible executive action outperforming opaque or delayed communications.
Cyber risk breakdown by industries
Key trends shaping the cyber risk landscape
The study finds that overall stakeholder trust is eroding, reflected in strongly negative sentiment around customer privacy, data security, and incident response across all stakeholder groups - particularly regulators and investors.
Cyber risk is also emerging as a geopolitical concern. State-linked attacks are increasingly viewed as potential national security issues, exposing organisations operating in sensitive sectors to heightened geopolitical risk.
At the same time, reputation recovery is no longer just about containment. The research suggests that a brand’s ability to rebound from a cybersecurity incident is closely tied to the effectiveness of its response, with fast and visible executive action outperforming opaque or delayed communications.
Cyber risk breakdown by industries
- Retail: The most negative sentiment overall, driven by the direct consumer impact of breaches, sensitive customer data, and operational disruption.
- Technology: The most visible sector in cybersecurity discourse, where recurring attacks and regulatory fallout continue to erode trust in digital infrastructure.
- Telecommunications: Among the hardest-hit sectors, affected by repeated attacks and legacy breaches resurfacing on the dark web, raising national security concerns.
- Financial services: Sustained negative sentiment linked to high-profile breaches, customer data exposure, and significant crypto-related losses.
- Healthcare: Persistent distrust driven by repeated breaches involving patient and billing data, alongside heightened scrutiny of AI-related data risks.
- Automotive: Negative sentiment following ransomware attacks that disrupted dealer operations and raised concerns about digital resilience in increasingly connected vehicles.
Overall, the study notes that industries with the most direct consumer interfaces tend to experience the steepest reputational declines following cybersecurity incidents.
Key takeaways for communications and public affairs leaders
Key takeaways for communications and public affairs leaders
- Cyber risk is board-level risk: It must be managed as a cross-functional priority, not solely as a technical or compliance issue.
- Integrated response drives resilience: Organisations that align IT, legal, communications, and executive leadership with clear escalation protocols and stakeholder-specific strategies are better positioned to protect trust and reputation.
- Proactive oversight is essential: Scenario planning, continuous monitoring, and treating incidents as reputational challenges enable faster, more effective responses.
- Leadership visibility matters: Transparent, decisive, and timely action by executives is the most critical factor in stabilising stakeholder confidence and reinforcing organisational credibility.
