10:00 AM
Ted Birkhahn

Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started

Don't overlook crisis communications in your cybersecurity incident response planning.

In the first half of 2021, the United States has seen a 102% increase in ransomware attacks since early last year. From Colonial Pipeline to Microsoft Exchange, the pervasiveness and sophistication of these attacks continue to intensify. With such staggering numbers, it is easy to become desensitized. But each incident involves potentially ruinous effects on an enterprise that carry profound business, legal, financial, and reputational implications.


During a cyberattack, one of the most overlooked — and consequential — areas for enterprises is implementing an effective crisis communications strategy. Just as you need to shore up the technology, legal, financial, and compliance aspects of your cybersecurity preparation plan, you must also prioritize crisis management and communications.

But where should you start? Below are five crisis communications tips to form the foundation of your strategy.

Tip 1: Be Prepared to Respond Quickly
Our media landscape is characterized by a 24/7 news cycle, ubiquitous social media channels, and misinformation powered by algorithmic artificial intelligence (AI) and delivered instantly on a global scale to billions of people. This shows no sign of abating. What does that mean? Time is not on your side. But with an actionable plan in place, you will be much better prepared. An actionable crisis communication plan consists of:

  • Collection: Before acting, you must first implement a mechanism to collect information. By having a clear picture of the threats and risks your company faces — before or during a cyberattack — you will be able to make more-informed decisions. This will answer crucial questions like: What happened? When did it happen? How did it happen? And why did it happen?

  • Assessment: The information has been collected. Now what? The assessment phase involves digging into which stakeholders were impacted and how they were affected. Each group of stakeholders — whether employees, customers, suppliers, regulators, or investors — has distinct and overlapping needs. Understanding their needs and primary concerns enables businesses to craft effective messages, identify the right spokespeople to deliver the message, and distribute communications through the right channels.

  • Response: You are entering the execution phase — decisions are being made. During this stage, it is important to determine what messages and talking points will be conveyed, the specific channels you will use to communicate the messages, and how you will monitor stakeholder responses.

  • Evaluation: It is now time to evaluate. How are stakeholders feeling and responding? What is the general sentiment? Along with this, you should have a good understanding of the messages that resonate most vs. those that are not quite hitting the mark. These insights will help you recalibrate your messaging accordingly.

Tip 2: Establish a Virtual War Room to Monitor and Assess
With your crisis communications framework in place, it is time for action. Picture this: your company is the target of a ransomware attack. And while you are desperately trying to address the incident, media are beginning to report on it, citing reports on Twitter. Information — fragmented at best, wholly inaccurate at worst — is circulating widely. Who and where are your eyes and ears?

It will feel like the fog of war. With so much happening at once, it is critical to have monitoring mechanisms set up to track activity on social media, news coverage, employee feedback, and customer feedback. This information needs to be packaged and delivered into easy-to-digest dashboards that you can use to track and understand changes in sentiment, perception, and the overall dialogue.

Tip 3: Embrace the Notion of Radical Transparency With Your Key Stakeholders
In a cyber crisis, trust can be built or broken depending on how and when a company responds in the hours and days following the breach. In a perfect world, a swift and effective crisis response is ideal; however, if companies need to sacrifice one over the other, taking more time to respond with intention takes precedence over a quick, yet insufficient response.

Speed is certainly important. Yet the inherent damage that can be wrought if your stakeholders smell a hint of evasion or fabrication will have long-lasting and detrimental effects on brand trust and reputation.

Tip 4: Set Goals and Benchmarks but Be Flexible
Cyber crises are not linear; they are fluid and unpredictable. The ability to pivot is a key characteristic of a good crisis response. What does that mean? Just as the proliferation of news and social channels presents threats and risks to a brand's reputation, those channels can also be leveraged to successfully combat misinformation from a cyberattack. It is critical to understand and use the best channels to reach audiences with the right messages at the right time.

Tip 5: Admit Fault Quickly
With recovery in mind, admitting fault is the fastest way to restore trust and rebuild relationships with affected stakeholders. Yet it needs to be done in close consultation with the legal team. An effective crisis communications response requires a strong and healthy relationship between legal and communications teams. Too often, enterprises bungle their initial responses by equivocating and being vague and indirect about the incident.

Remember this: Brand trust and credibility are fostered by perceived transparency, forthrightness, and honesty. Squandering this critical first opportunity could prove damaging if your company is regarded as unaccountable.

Will Your Company Be Prepared for the Next Cyberattack?
Prioritizing communications will ensure your enterprise is more prepared to identify the nature of the attack; understand the scope of which stakeholders have been affected; uncover the primary concerns and needs of stakeholders; craft messaging that resonates and provides assurance; and, ultimately, mitigate the reputational fallout of the attack.

This is a critical and underappreciated component of any cybersecurity preparation plan. There is no reason to be caught off guard when the stakes are so high.


Ted Birkhahn is president of HPL Cyber, a brand, marketing, and communications firm that helps cybersecurity companies grow. Ted's experience as a strategic marketer and communicator spans more than 25 years working as a journalist, press secretary, and as an agency ...