This month’s webinar featured a discussion of crisis communication processes related to cybersecurity or cyber events.
STG Principal Consultant Mike Skinner and Wilson Public Relations Founder + Chief PR Officer Beth Wilson, discussed how companies can communicate effectively with their employees, clients, and other business partners in the midst of a cyber event.
Haven’t watched this month’s webinar yet? Here’s an overview.
What is a Cybersecurity Crisis?
There are many ways a company can be affected by a cyber event. One of the most well-known is the exposure of sensitive information. This could be from a data breach, a ransomware attack that ends with encrypted data being held hostage, or a breach or DDOS attack that floods web and file servers with traffic to the point where they cannot be used. So, what do you do if you are in the midst of a cybersecurity crisis?
Rules of (Crisis) Engagement
When dealing with a crisis, cybersecurity or otherwise, it all boils down to communication. It’s essential to understand what is going on, have all the facts in place, and communicate both internally and externally. Your response needs to be multi-phased, beginning, middle, and end. Updates should be consistent and the audience for these should be discerned – who should know what and when should they be notified? Although there is no true “end” to communication, there is always a lesson to be learned from a crisis.
Becoming the Reassurer-in-Chief
When a cybersecurity crisis is at play, whoever is the primary communicator of the company takes responsibility for becoming the “reassurer-in-chief.” This means you’re required to engage with and reassure your partners that you are doing what you can to regain security. Even if the situation evolves, it’s critical to be transparent. The main concern is to fully understand what has happened, what data is at risk, develop a plan for mitigation, and communicate all of this information.
Different Stakeholders, Different Messages
Internal and external stakeholders will have different messages delivered to them. You want to be prepared for potential questions that audiences may have. For example: Has confidential information been exposed or compromised? If so, what are the consequences? Have there been losses of data or dollars? What steps were taken immediately after the breach was discovered? And what is being done to prevent this from happening again?
Final Takeaways:
Planning communications for a cybersecurity crisis is rarely thought about. But it can be helpful for your team to be well-versed in the plan in place and keep it regularly updated. Having a guidebook can mitigate anxiety and chaos in the midst of an event.
Check out the full webinar here!