Our top tips for communicating in a cyber crisis
Cyber-attacks are a potential crisis for every organisation, no matter how big or small. It is going to happen to you at some point, you just don’t know when.
For businesses, this can include everything from fake invoices to breached networks. The consequences can be devastating and can place the very survival of a business at risk.
Cyber security is not the domain of IT alone; it requires whole of organisation coordination and response.
Without a solid crisis plan in place, it is your organisation’s reputation that stands to suffer during a crisis. A slow response can be taken as an indication of a lack of control or care, and perceptions can very quickly overtake facts.
As with any crisis, the best defence against a cyber-attack is good planning and preparation.
Depending on the size of your organisation, cyber security can be incorporated into your existing crisis communication plan or it can be a standalone plan. Our recommended approach for communicating during a cyber crisis cycle is:
Before a crisis:
Build a plan and response team, delegate and deeply understand roles and responsibilities – establish key duties in advance and practice and wargame as a team. Prepare templates, messages, contact lists and communications channels in advance.
Scenario plan – scan the environment and identify potential attack scenarios while continually assessing your organisation’s ability to respond. This is not static. Cyber security is evolving and the threat is constantly changing, and that means your response must too.
During a crisis:
Respond quickly and proactively across all available platforms. Show that your organisation’s response is equal to the threat by responding quickly, but with clarity and consistency. Pre-prepared key messages and templates will help here. Respond in minutes not hours and provide updates as things change.
Be ready to efficiently handle increased contact from customers, stakeholders, suppliers and the media, who deserve to know what is happening and what is being done about it. However, don’t allow this to detract from the team’s focus on the job at hand; containing and responding to the crisis. Having delegated team responsibility and someone whose job it is to manage this helps.
Implement media and social media monitoring to inform the evolving response – this is essential from a reputation and brand management perspective.
After a crisis:
Restore business as usual as soon as possible to build stakeholder confidence and your business’s credibility.
Evaluate and identify opportunities for improvement – implement this into your next crisis planning phase. Going forward, show what you are doing differently to rebuild better.
Consider bringing in outside legal, technical and media help to prepare for the next time a crisis hits.
For more information, ask our team for advice by calling (08) 8981 6445