Insights

The Essentials of Crisis Communications in the Face of a Cyber-attack

Quorum Cyber’s Principal Incident Response Consultant shares his advice on how to communicate effectively during or after a cyber-attack.

  1. Home
  2. The Essentials of Crisis Communications in the Face of a Cyber-attack

Mark Cunningham-Dickie, Quorum Cyber’s Principal Incident Response Consultant, shares his advice on how to communicate effectively during or after a cyber-attack.

When a cyber-attack hits it’s often the most stressful day imaginable for everyone involved. As well as the shock of being breached there are a host of unknowns – who attacked, how did they do it, have they stolen any data, has the business been disrupted, is there a ransom note?

Such an extreme and unusual event for the victim organisation requires a specialist Incident Response (IR) team to investigate. This is an emergency team that visits the scene of the crime to contain the situation and assess what took place, when, how, and by whom. Our IR professionals have deep technical expertise and the experience of handling hundreds of unique cases. So, what’s the worst-day ever for the organisation is the IR team’s standard Tuesday.

Here are his top two recommendations:

1. Communication is key

A huge part of this is crisis communication. This is often overlooked in the heat of the moment. Clear communication with internal and external stakeholders at the correct times is essential. An art and a skill, communication is the best way to minimise reputational damage, and maintain – and possibly even improve – trust.

It’s vital to be clear, consistent, and timely with all communications. And, as advised in our article, ‘Cyber-attack Survival: Seven Crucial Dos and Don’ts’, it’s important to be faster than the story and only convey the cold, hard facts. By planning in advance, you’ll be confident of who should do what in the event of a cyber-attack.

Communication is often taken for granted. Until it isn’t. Having reviewed incident response plans for hundreds of companies and reviewed their strategic recovery priorities, Quorum Cyber’s Incident Response team is always struck that the ability to communicate is almost never first on the list, if it appears at all. Emails and telephony, website and social media present the gateways to the organisation, not just for threat actors but for suppliers, and customers. Worse still, if you can’t leverage these to get your message out, it leaves a void that can quickly turn something that is largely trivial into being a huge conspiracy, and significantly more difficult to get in front of and manage.

Some other points to consider are:

  • Who is it that you can call and from which device?
  • What do you do when the device used to manage all your social media accounts is locked and the stored passwords lost?

2. Know what to communicate, how, and when

Good incident responders know what information is needed, necessary and desirable, and how to phrase it ways that can be easily communicated to the relevant parties, and in the relevant manner. Remember, it’s OK to say, “I don’t know” but never “No Comment”. Acknowledge and be up-front.

During an incident, it’s easy to fall into the trap of only focusing on the negative impacts, but promote the positives as well. Acknowledge the incident and its impact, but also what it’s not. For example, you could say something like, “Parts of our IT infrastructure have been impacted by a cyber-attack, and we have taken the proactive approach of isolating other areas to prevent wider impact while we investigate. Fortunately, all of our staff are safe and accounted for, we continue to deliver our great services/products, and we are working with some of the best names in the industry to understand the impact and extent of the incident as we recover.”

3. Preparing for the worst day ever

The importance of clear communication can’t be understated, and it’s another reason why companies should have Incident Response Preparedness as part of their cyber security strategy. And while any organisation can call a cyber security company in an emergency, it’s advised to set up an Incident Response Retainer ahead of time so that you have a trusted IR team on standby to support you around the clock – one that knows your business and your IT estate. Every minute counts after a cyber-attack.

Find out more

If you would like to learn more about how Quorum Cyber can help you before, during, or after any kind of cyber incident, don’t hesitate to contact us.

Further Insights from Quorum Cyber.

Privacy Preference Center

Privacy Preferences

Skip to content