Before, During and After: Managing Cybersecurity Communications

PwC’s Global Economic Crime and Fraud Survey indicated that, on average, organizations were experiencing six cybersecurity incidents within a 24-month period through 2020, a stressful reality for organizations and the customers and businesses they serve.

Strengthening cybersecurity is a growing consideration for teams, particularly in industries like tech, legal, healthcare and finance. Everyone plays a role in ensuring the organization is protected — especially communicators — from proactive planning to reactive measures in the moment. So, what should we focus on first?

Before: Ready Your Plans

With much at stake operationally and reputationally, a cybersecurity incident can create a lot of stress for everyone, but especially for communicators who have not been proactive or prepared.

A 2022 survey from Deloitte confirmed that only 49% of respondents were prepared with plans or playbooks for likely crisis scenarios. Deloitte also noted that businesses that already experienced a crisis said the most important lessons they learned or would do differently were “doing more to identify crisis scenarios” and “a more robust communications plan.”

Prioritizing the creation of a communications plan involving multiple scenarios should likely be one of the first focuses for communicators, if not the very first. Running this through various levels of stakeholders is also essential, so that they may weigh in on any gaps or considerations to include. Consider the following questions while preparing your plans:

  • Who needs to be at the table during a crisis, and are they aware of their role in the plan?
  • Do you have a spokesperson designated to handle external and internal inquiries?
  • How will stakeholders be informed?
  • Do you have scenario strategies and templates to ensure quick action?

During: Gather Your Facts and Communicate

When a cybersecurity incident occurs and tensions run high, it can feel natural to want to convey everything as quickly as possible to achieve transparency and drive your narrative. Quick communication is very important, but the facts must come first. Gathering executive leaders, IT, legal and other essential departments to level set will inform the communications you distribute and, hopefully, create greater transparency and trust through this situation and in the long term.

Collaboration across multiple disciplines is integral to ensuring every fact, approach and stakeholder is considered. It may seem time-consuming to get many people involved, but crisis communications has no room for corporate silos, which can make things worse by leaving communicators to go out with inaccurate information or updates that don’t encompass all sides.

Employee awareness is important, whether that means receiving the employee awareness update or actively participating in the crisis room meeting to gather facts. If you’re in that room, here are some important questions to ask:

  • What happened?
  • What is known thus far?
  • Who or which groups are specifically impacted?
  • What is yet to be known, and when/how will this be found?

One of the “worst nightmare” moments in these scenarios is when capturing information takes a lot of time. There is risk in delaying a response and also in appearing less confident going to the public. Choosing not to address it is not an option. Sony waited four days to address their 2014 breach, which only deepened their crisis to the extent it is still often referred to as “what not to do.” In moments where there aren’t enough facts confirmed yet, having a holding statement ready can help showcase acknowledgement and responsibility. It could look like the example below:

We’re aware of an incident taking place starting (WHEN) in (WHERE). We are currently looking into what occurred, and we will provide you with more information shortly as we confirm more details and solutions. For all inquiries, please contact (WHO).

After: Consistent Engagement and Authenticity

Aside from tightening security measures to ensure this doesn’t happen again, organizations have to continue working to build trust through consistent engagement and authenticity. This could look like:

  • Continuing to update blogs, social media and FAQs (and keeping client-facing roles informed)
  • Alleviating as much tension as possible through help guides and direct client check-ins
  • Communicating reassurance that this will not happen again and what has been done to ensure this

A great example of this was Buffer’s 2013 breach, which has been the focus of several crisis communication case studies since. They navigated the situation beautifully in real time with updates, step-by-step guides and empathy. Here is what they shared once the situation was over and resolved:

Hi there,

I wanted to follow up with you after yesterday’s hacking incident. For many of you this has seriously disrupted your weekend — I’m sorry we caused that awful experience. The Buffer team has been working around the clock and I’m glad to say we’re back up and running. We have also spent all of today adding several security measures.

There’s one key step to using Buffer again: You will have to reconnect all your Twitter accounts, even if you’ve already done so. Go to the Buffer web dashboard to reconnect. Other important things for you to know:

  • Reconnecting won’t work in mobile apps. All Twitter accounts will have to be reconnected on the web dashboard.
  • Your Facebook posting will have resumed normally. There is nothing you need to do.
  • Signing in with or connecting a new Twitter account in the iPhone app won’t work until our new update is approved by Apple.

I want to apologize again and say that I’m incredibly sorry this has affected you and in many cases also your company. We’ve written a blog post with ongoing updates as we uncover the full details.

What is left for us right now is to complete our technical analysis and take further security measures. We will follow up with another update on this soon. I want to invite you again to hit reply to this email or post a comment on our blog post. We will be sure to respond to you as fast as we can.

—Joel and the Buffer team

With high-profile organizations like Microsoft and Google pledging billions to mitigate cybersecurity incidents, it’s clear that taking the time to consider crisis communications planning with cybersecurity scenarios is important.

Compared to 2020, 2021 saw 50% more cyberattacks per week on corporate networks. We don’t expect this to change anytime soon. Every hour put toward planning and mitigation means less organizational and reputational impact later.