Crisis Solutions

Crisis communication during a cyber-attack

During an incident or crisis, the nightmare scenario for a comms team is not having the full facts and impacts to hand. Not knowing the full extent of a crisis will see comms forever playing catch-up with the media and unable to get on the front foot.

Enter the cyber-attack, an almost perfect example of the above. Those of us in crisis management have learnt from bitter experience that a hack is not a one-off event; it is typically something sudden but thereafter incremental. Determining the state of a hack is tricky and time-consuming. How the comms team responds needs careful thought.


Once it has been determined, presumably by IT security, that an attack is underway, internal comms is the most important first step. Before you think about communicating with external stakeholders, let your staff know what’s going on.

Everyone in the organisation is going to have to work together to beat the cyber-threat, so your staff need to learn about any new developments from you rather than from the media. Information sourced from the media is likely to be sensationalist, so they need good, dispassionate information from the comms team to maintain trust. There are practical benefits too: if malware is involved, staff need to be told to stop sending emails or using website messaging, as this could spread the virus and put data at risk.

Hi-tech, Low-tech

In a crisis, it’s a good idea to think hi-tech and low-tech. If the cyber-attack is particularly vicious, it may be necessary to take down the email server. How will you then communicate with staff? Traditional channels such as phone calls and notes pinned up at the water cooler may be the way ahead.

When it comes to external comms, a speedy response is needed, as it is likely the attack is already on social media. It may be tricky to establish the facts and impacts of the attack, but IT must do this if comms are going to be able to work effectively.

Key messages

If the story has broken, then release a holding statement setting out what you do know, however limited that may be, together with your key messages. These may be how customers can best protect themselves and what you are doing to address the problem. Obviously, don’t speculate about what you don’t know. If you can confirm that no confidential data has been seized, then do so, but only if you are absolutely sure. If data has been stolen, then journalists and others will be asking whether the data was encrypted. You must have your answer ready.

Many organisations are now putting together cyber-playbooks to complement their Business Continuity Plans, setting out in specific terms how to tackle the cyber-menace. This may well be something you should consider if the threat of a cyber-attack is keeping you awake at night.