Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started

Don't overlook crisis communications in your cybersecurity incident response planning.

Ted Birkhahn, President, HPL Cyber

June 22, 2021

5 Min Read
Dark Reading logo in a gray background | Dark Reading

In the first half of 2021, the United States has seen a 102% increase in ransomware attacks since early last year. From Colonial Pipeline to Microsoft Exchange, the pervasiveness and sophistication of these attacks continue to intensify. With such staggering numbers, it is easy to become desensitized. But each incident involves potentially ruinous effects on an enterprise that carry profound business, legal, financial, and reputational implications.

During a cyberattack, one of the most overlooked — and consequential — areas for enterprises is implementing an effective crisis communications strategy. Just as you need to shore up the technology, legal, financial, and compliance aspects of your cybersecurity preparation plan, you must also prioritize crisis management and communications/

But where should you start? Below are five crisis communications tips to form the foundation of your strategy.

Tip 1: Be Prepared to Respond Quickly
Our media landscape is characterized by a 24/7 news cycle, ubiquitous social media channels, and misinformation powered by algorithmic artificial intelligence (AI) and delivered instantly on a global scale to billions of people. This shows no sign of abating. What does that mean? Time is not on your side. But with an actionable plan in place, you will be much better prepared. An actionable crisis communication plan consists of:

  • Collection: Before acting, you must first implement a mechanism to collect information. By having a clear picture of the threats and risks your company faces — before or during a cyberattack — you will be able to make more-informed decisions. This will answer crucial questions like: What happened? When did it happen? How did it happen? And why did it happen?

  • Assessment: The information has been collected. Now what? The assessment phase involves digging into which stakeholders were impacted and how they were affected. Each group of stakeholders — whether employees, customers, suppliers, regulators, or investors — has distinct and overlapping needs. Understanding their needs and primary concerns enables businesses to craft effective messages, identify the right spokespeople to deliver the message, and distribute communications through the right channels.

  • Response: You are entering the execution phase — decisions are being made. During this stage, it is important to determine what messages and talking points will be conveyed, the specific channels you will use to communicate the messages, and how you will monitor stakeholder responses.

  • Evaluation: It is now time to evaluate. How are stakeholders feeling and responding? What is the general sentiment? Along with this, you should have a good understanding of the messages that resonate most vs. those that are not quite hitting the mark. These insights will help you recalibrate your messaging accordingly.

Tip 2: Establish a Virtual War Room to Monitor and Assess
With your crisis communications framework in place, it is time for action. Picture this: your company is the target of a ransomware attack. And while desperately trying to address the incident, media are beginning to report the incident, citing reports on Twitter. Information — fragmented at best, wholly inaccurate at worst — is circulating widely. Who and where are your eyes and ears?

It will feel like the fog of war. With so much happening at once, it is critical to have monitoring mechanisms set up to track activity on social media, news coverage, employee feedback, and customer feedback. This information needs to be packaged and delivered into easy-to-digest dashboards that you can use to track and understand changes in sentiment, perception, and the overall dialogue.

Tip 3: Embrace the Notion of Radical Transparency With Your Key Stakeholders
In a cyber crisis, trust can be built or broken depending on how and when a company responds in the hours and days following the breach. In a perfect world, a swift and effective crisis response is ideal; however, if companies need to sacrifice one over the other, taking more time to respond with intention takes precedence over a quick, yet insufficient response.

Speed is certainly important. Yet the inherent damage that can be wrought if your stakeholders smell a hint of evasion or fabrication will have long-lasting and detrimental effects on brand trust and reputation.

Tip 4: Set Goals and Benchmarks but Be Flexible
Cyber crises are not linear; they are fluid and unpredictable. The ability to pivot is a key characteristic of a good crisis response. What does that mean? Just as the proliferation of news and social channels presents threats and risks to a brand's reputation, they can also be leveraged to successfully combat misinformation from a cyberattack. It is critical to understand and use the best channels to reach audiences with the right messages at the right time.

Tip 5: Admit Fault Quickly
With recovery in mind, admitting fault is the fastest way to restore trust and rebuild relationships with affected stakeholders. Yet it needs to be done in close consultation with the legal team. An effective crisis communications response requires a strong and healthy relationship between legal and communications teams. Too often, enterprises bungle their initial responses by equivocating and being vague and indirect about the incident.

Remember this: Brand trust and credibility are fostered by perceived transparency, forthrightness, and honesty. Squandering this critical first opportunity could prove damaging if your company is regarded as unaccountable.

Will Your Company Be Prepared for the Next Cyberattack?
Prioritizing communications will ensure your enterprise is more prepared to identify the nature of the attack; understand the scope of what stakeholders have been affected; uncover primary concerns and needs of stakeholders; craft messaging that resonates and provides assurance; and, ultimately, mitigate the reputational fallout of the attack.

This is a critical and underappreciated component of any cybersecurity preparation plan. There is no reason to be caught off guard when the stakes are so high.

About the Author

Ted Birkhahn

President, HPL Cyber

Ted Birkhahn is president of HPL Cyber, a brand, marketing, and communications firm that helps cybersecurity companies grow. Ted's experience as a strategic marketer and communicator spans more than 25 years working as a journalist, press secretary, and as an agency owner working with some of the fastest-growing startups as well as the world's largest companies. His firm, which won the 2020 PRovoke Media New Agency of the Year, works closely with industry brands and business leaders to build brand awareness, acquire new customers and protect their reputation.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights