Plan Now to Avoid a Communications Failure After a Cyberattack

By Rosalyn Page for CSO

Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness.

“Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber at Hall & Wilcox, which helps companies with cyber incident management among other things.

Cyber preparedness should include a communication plan

Winokur’s advice is to err on the side of transparency, while ensuring accuracy when it comes to responding to a cyber incident. “Cyber is not just an IT risk. It really is an enterprise risk, and a key part of cyber preparedness includes a communication strategy within the organization and with external stakeholders.”

Do not rush post-breach stakeholder communication

When cyber incidents first break, it’s often a case of known unknowns, and the urge to reassure and even contain the incident is strong. But the need for accuracy is paramount, warns Andrew Moyer, executive VP and GM with Reputation Partners, which handles crisis comms. “You want to be the one out there, planting that narrative flag first,” he says. If organizations get ahead of themselves and issue definitive statements, based on the understanding at one point in time only to recant or change them later, it can spell a bigger disaster.

Suddenly, a cyber incident turns into a full-blown PR crisis. If things change, as they tend to, it can raise questions as to the credibility of the organization. “What you don’t want to do is say something with such specificity that you risk having to walk it back and you lose credibility,” says Moyer.

With cyberattacks becoming more regular every year, the general public has a certain level of understanding, and even expectation, about incidents occurring. As a result, Moyer believes people are more comfortable with qualifying statements, so “you’re not painting yourself in this absolute corner”. Instead of aiming for exact numbers, for example, he recommends using language that includes “relative scale terms such as ‘We’re aware it’s a limited number of individuals impacted’ as opposed to ‘we think it’s 1,000 people.’”

Anyone in a frontline position needs an early warning sign something has occurred and a direct line with decision makers to raise the question of when it’s necessary to activate the crisis plan. “It’s critical, as part of any communication strategy, to ensure you’re accurate and to acknowledge if an investigation is ongoing, and to make that statement over and over again. Some of that comes down to building those materials as templates early so that people have done an initial review and sign off. And you can move a little quicker,” Moyer says. For more, click here.

Image by Darwin Laganzon from Pixabay

By Jeanette Meyer-Fladung | April 14, 2023 | Best Business Practices, Communicating to Stakeholders, Crisis Communications, Crisis Management, Crisis Preparation, Cybersecurity

Plan Now to Avoid a Communications Failure After a Cyberattack

Cyber preparedness should include a communication plan

Contact Us