11 Sep Cyber crisis communications – are you prepared?
By Nichole Culverwell ACIPR
It is widely agreed that the nature of cyber security threats is changing so quickly that it is becoming harder for organisations to defend themselves against some kind of attack.
So rather than ‘if’, businesses should now think in terms of ‘when’ an attack might happen and plan accordingly.
Cyber security breaches can cost an organisation in terms of loss of productivity or information, time and data, but the loss of consumer or shareholder confidence and the long-term impact on your organisation’s reputation could be the greatest cost of all.
However, there are steps that any organisation can take to communicate well during a crisis, reduce the potential reputational fallout and recover more quickly.
Fail to plan, and you will plan to fail
Communications plans and crisis management processes must be prepared and kept up to date to help minimise reputational damage and help to ensure efficient communication should the worst happen. Being prepared will save time and money.
The nuances of managing a crisis vary tremendously but broadly, in the instance of a data breach, the organisation will need to communicate with customers and suppliers whose personal data has been compromised. Stakeholders need to be kept informed. The business will need to reassure and advise these audiences, acting quickly and in an appropriate manner.
Ransomware or malware attacks might result in a halt in business operations where it becomes necessary to communicate the problem to customers, intermediaries, regulators etc.
In all situations, the organisation will need to communicate what it is doing to prevent a similar incident in the future and once the immediate issue has been tackled it will need to repair the reputational damage.
If the company is regulated it will come under even more scrutiny and may face fines or worse. TalkTalk was given a £400,000 fine after the Information Commissioner’s Office found the telecoms company failed to implement sufficient cyber security measures. The company is still recovering from the 2015 hacks and in May warned of falling profits.
Reputation is your greatest asset
Public relations professionals are the guardian of your business’s reputation and consequently must be involved in your cyber security plans. Reputational damage is one of the ‘slow burn’ costs of a cyber attack, particularly if communication to those affected is poor.
The need for speed
When facing any crisis you need to act fast, or the void you leave will be filled with rumour, conjecture and misrepresentation.
Social media and user-generated content have changed the way news breaks and the way the news cycle plays out. Don’t dismiss print media as tomorrow’s chip paper; almost all also have a web presence and remember: online is forever.
Local news becomes global news very quickly in multi-jurisdictional organisations and this must also be considered when planning crisis response plans.
Cyber crisis communications planning
Any kind of security breach will put a business on the back foot, but the right preparation in case things do go wrong gives you the best chance of getting back on track quickly and with minimum fuss. It also frees up time to get on with the main job in hand – plugging the breach and getting back to full operations.
Identifying the possible threats your organisation might face is the first stage in preparing to manage those threats. Anticipate potential issues, brainstorm the ‘what if’ and any areas of the business that a cyber breach might impact.
Select an issues management team (IMT) based on the skills and authority required to carry out the work. Ensure the IMT is actively engaged in creating the issues management plan.
Identify stakeholder groups, how they are best reached and by whom then identify and agree on processes to respond to the different potential issues.
Plan responses and prepare for scenarios with the right tools, materials and, if required, training.
How we can help
Successful crisis and stakeholder management will help to reduce the impact a cyber security attack might have on reputation. Reputation is a powerful intangible asset for any corporation. It has a measurable impact on a business’s bottom line. If a business is not in the right position to respond well to issues, it will be more vulnerable to reputational damage.
Black Vanilla can work with your organisation to create your cyber security crisis response plan. Typically this starts with a briefing meeting to discuss the types of threat the organisation might face and the personnel who will be part of the issues management team.
Black Vanilla will then facilitate a crisis planning workshop which typically takes place over a half or a full day. Stakeholder and audience mapping, message development and response plans are devised and we start to work on draft statements.
After the workshop, the materials and plans are fine tuned by the Black Vanilla team before being signed off by senior management or the board.
Black Vanilla recommends a six-monthly review meeting to ensure the plans are up to date.
Remember, you can’t respond well unless you are prepared and equipped appropriately. Read more here. BV Cyber Crisis Communications. If you would like to talk to Black Vanilla about cyber crisis communications planning please contact Nichole@black-vanilla.gg.