How should the comms team respond during a cyber-attack?


A nightmare scenario for a comms team is not having the full impact of a crisis to hand. If you don’t have all the facts, then an organisation is constantly playing catch up with the media and is incapable of setting the news agenda.

Unfortunately, this is almost the very definition of a cyber-attack. A hack is rarely a one-off event; it is typically something sudden but thereafter incremental. Determining the state of a hack is tricky and time consuming.

So how should you respond to a cyber-assault?

Here are some thoughts:

  • Communicate with staff first – you’re going to need their help – keep them on side.

  • Staff must get information from you not just from social or traditional media.

  • Staff run the risk of exacerbating the spread of malware by accidentally clicking on links. Warn them to be wary.

  • If you can confirm that personal data has not been compromised, then you should communicate this right away – but only if you are sure.

  • Don’t speculate or discuss issues that have not been confirmed as fact.

  • During a cyber-attack it is possible your email server will be suspended to prevent the spread of malware. In that instance, embrace traditional channels – use the phone!

If a hack has taken place and customer data is lost; do you go public straight away or do you wait for all the facts? It’s a double bind because if you sit on information you can be accused of a cover up, but if you go public you run the risk of stoking the story. That being said with GDPR in place you have to inform the regulator within 72 hours and the power of social media means it almost impossible to keep a story under wraps.

Jim Preen (Head of media)