Cybersecurity Crisis Communication | The 5 Golden Rules

by | Oct 4, 2024

Cybersecurity incidents are occurring more frequently, with a cyber breach or ransomware attack happening every 14 seconds. Whether you’re running a startup or overseeing a large, well-established corporation, every organization is vulnerable to cybercrime.

 

And it’s not just your data that’s in jeopardy—your brand’s reputation is also at risk. In today’s digital age, customers expect businesses to protect their sensitive information from cyber criminals. Once a customer’s data is compromised, they can lose trust in your ability to protect it, and that can create negative publicity and tarnish your brand.

 

So, what can you do to safeguard your brand when the inevitable cyber disaster strikes? Besides working closely with your IT team to ensure you have security measures in place, you need a cybersecurity crisis communication plan.

 

A cybersecurity crisis communication plan is one of the most critical components of the customer notification process. It not only enables your organization to acknowledge that it’s fallen victim to an attack, but it also gives you the opportunity to own the situation and focus on your customers and any other stakeholders who are affected by the cyberattack.

 

Let’s explore the essentials of creating a communication plan that spells out what you’ll say and do when the heat is on.

 

1. Know Where You’re Vulnerable

There is no such thing as a one-size-fits-all cyber attack. Each attack is different in nature and can compromise your network in a myriad of ways. That’s why it’s important to assess the types of possible cyberattacks and prioritize which ones can inflict the most damage to your network and brand image.

Does your business process customer payments? And are you storing that customer data internally, making it more vulnerable to a cyber attack? Do you have enterprise software that has access to other organizations’ critical internal data?

Each situation presents unique challenges that you need to be ready for. This exercise ensures you’ll never be caught off guard.

 

2. Build a Crisis Communication Team

 

Your crisis communication team is your first line of defense. Your team will be the ones assessing the scope of the breach or attack, gathering important information and communicating to your various stakeholders – both internally and externally. So ensure you have the right people in the most appropriate roles to manage and mitigate a cybercrime.

 

Key Roles to Include:

  • Crisis Leader: The team leader. This person oversees the entire team.
  • IT and Security Lead: Analyzes evidence, determines the issue, leads the technical team and orchestrates rapid system and service restoration.
  • PR/Communications Lead: Internal and possibly external PR experts craft and deliver the right message to the right audiences.
  • Legal Advisor: Provides counsel about legal issues and requirements related to data security, including who must be notified of a breach or cyberattack.
  • HR Lead: If employee data is compromised, you’ll need someone to communicate internally.

3. Draft Statements BEFORE the Fire Starts

    Don’t wait for a cyberattack to strike. Be cyber ready and start drafting key messaging and statements for internal and external audiences. You’ll want pre-drafted, pre-approved templates for different stakeholders, ready to go at a moment’s notice.

     

    Why? Because when panic sets in, clear thinking often becomes blurred. By having your messaging ready, you’ll be able to respond swiftly and consistently with internal and external audiences.

     

    Types of Templates to Prepare:

    • Media Statements: Clear, concise updates for the media.
    • FAQs: For customers, clients, shareholders and media who will have important questions.
    • Internal Briefing Notes: Your employees will need clear directions, especially if they’re getting bombarded with questions.

4. Communication Fan-Out Plan: Who to Tell and How

      When a cyberattack happens, the temptation might be to shut everything down and avoid discussing it publicly. But silence often makes things worse. A well-organized fan-out procedure—which outlines who gets notified and how—will keep things from spiraling out of control.

      Think about all the stakeholders you’ll need to communicate with:

      • Customers who will want to know what data was compromised and what they’ll need to do about it.
      • Employees who need guidance and reassurance.
      • Media outlets that will be looking for a story (whether you share your story with them, or they seek answers from outside sources).
      • Regulators who require updates to make sure you’re complying with the law.

      Also consider the format in which you choose to convey your message. Do you want to use a standard, written press release? Or maybe a video to convey emotion and empathy in a tough situation? In the case of the latter, consider professional media training to really ace the message and minimize the damage.

5. Choose the Right Platforms

       

      In today’s multi-platform world, your crisis communication strategy needs to be nimble. Will you send out press releases, post on social media, email stakeholders directly, or all of the above?

       

      It’s important to choose the right platform depending on your audience:

      • Social Media for timely updates to a large group of people.
      • Email for more detailed communication to your clients and employees.
      • Press Releases for official, external announcements.

      Pro Tip: Don’t neglect internal communications. Your employees are on the front lines and should be briefed first so they can help manage customer concerns.

Final Thoughts: Lean into the Crisis with Confidence

      No one likes to think about getting hacked or dealing with a cyberattack. However, in today’s digital era, it’s not if, but when you’ll be the victim of a cybercrime.

       

      Organizations that prepare to be cyber ready survive and thrive with their reputations intact.

       

      By being proactive and building a comprehensive cybersecurity crisis communication plan, you ensure that when the inevitable strikes, your brand remains strong. It’s not just about weathering the storm—it’s about emerging with your business and reputation intact.

       

      If you need help crafting a comprehensive crisis communication plan that’ll protect your best interests, reach out to Solv Communications. With over 30 years of experience, we’ve prepared leaders to know what to say and what to do when the heat is on. Don’t wait for the worst to happen—be cyber ready.

      Nicole Harris

      Nicole Harris is the Founder and CEO of Solv Communications, a leading Reputation Management and PR agency in the Prairies. As a former network television news anchor and reporter, Nicole has gained deep insight into the power of earning trust through strategic communication. Over her 15-year career in the media she has covered some of the most high-profile risk management stories including cyber breaches at Fortune 500 companies, product recalls, workplace violence and everything in between. Nicole and her team’s extensive industry knowledge and strategic guidance will help you focus on what is in your control to mitigate risk and minimize damage to your reputation. It’s all about prioritizing strategic planning to spot an issue, effectively manage it, and develop action plans to safely steer you through any situation before it damages your reputation. Nicole has developed and delivered bespoke reputation management strategies and media training for senior executives, board members, politicians, and celebrities.