Why a cyber attack crisis requires a different comms response


Purple 26 Aug 2021

Most crises centre around a distinct or discrete event. An accident. A fatality. A failure of critical infrastructure.

And although the details of the issue may not be immediately apparent, there is usually clarity around what has happened, or at least, the immediate impact of what has happened.

In most cases, then, managing a crisis, particularly the communications aspect, centres on what has happened, what is known, and what happens next. It is stressful, and it can put severe pressure on teams, but interest in and engagement with the issue usually die down after a day or two.

There’s reputation rebuilding, and engagement to be done, and ultimately there’s probably another peak of interest when the report into the issue is published, or blame is apportioned, but broadly speaking, these incidents are reasonably discrete, separate and distinct.

When it comes to a cyber or data incident, however, it can be very different indeed.

It’s not clear-cut

The nature of these events is that quite often, very little is known about the situation. It’s rarely immediately clear what has happened. Some cyber incidents may have been going on for months, or years, and by their nature, unpicking the details takes time. The impact of something like ransomware might be immediate (a company is unable to operate), but often the outcomes are more insidious.

Imagine a customer or client tells you that they think you’ve been hacked because they’ve been sent some suspicious emails from you. The process to uncover what has happened (if anything at all), when and how it happened, how long it’s been going on for, and the wider implications of the potential breach, can’t happen overnight.

Six tips for managing a cyberattack

  • Acknowledge a potential issue
  • Acknowledge an actual issue
  • Provide advice to stakeholders regarding the implications of the issue
  • Provide secondary advice to a wider group of stakeholders as more information is revealed regarding who is impacted
  • Announce the initial findings of your investigation
  • Update the initial findings as more information becomes available

In this scenario, there are multiple phases to the discovery process, and thus, a similar number of communication activities.

Traditionally, public relations advice would be to go to market once with an announcement, and include all the information you have in that activity. But in cyber cases like this, which reveal themselves bit by bit, the perception can be that an organisation doesn’t know what it’s doing because it keeps having to go to market to say new things.

This can be mitigated to some extent through some decent planning, but I believe that organisations that suffer a cyber or data breach have as much to lose through the negative perception of their brand as they do from the cyber-induced loss of operations.

Not if, but when

I can say from experience that cyber attacks and data breaches are vastly different beasts to your “standard” business crisis. In many cases, the spotlight (including media interest) doesn’t just fade away after a couple of days or a week. It’s not uncommon for thousands of new affected parties to start appearing weeks after an incident was first brought to light and for businesses to still be taking steps to address the situation many months down the track. 

The duration and uncertainty of the crisis only multiply the importance of good communications planning.

There’s an important message in that for every business. 


Purple Director of Design and Digital, Jamie Wilkinson, is an expert in proactively preparing communications strategies to respond to data breaches and managing communications during a data breach crisis. Email Jamie.