Help, I’ve been hacked! Cybersecurity crisis communications 101.
The outage of cybersecurity platform CrowdStrike in July 2024 – where one faulty software deployment caused millions of Windows computers around the world to display the dreaded blue screen of death – showed how vulnerable businesses are to technological disruptions. Flights were grounded; online banking was inaccessible; and emergency call centres couldn’t respond.
When so much of business now happens online, you and your people depend on knowing systems are secure.
But, as in the case of CrowdStrike, there are always elements beyond your control. A third-party's system might go down, impacting you until they fix it. You could be subject to a DDoS (distributed denial-of-service) attack that crashes your website, or a ransomware/malware attack, where malicious groups actually hack into your systems.
We saw good and bad examples of crisis communications in the early days of the pandemic. Clearly and empathetically conveying to your staff, your stakeholders and the public what is happening and what you are doing to resolve the issue is essential.
With a cybersecurity incident, your communications are especially important as people need to know what it means for them. Has their privacy been breached? Or has their personal information (data) been stolen and is it being held for a ransom (ransomware)?
You may also need to report a breach or hack to CERT NZ, the Privacy Commissioner or the Police.
Of course, the hope is these things never happen. But being prepared and managing a crisis well, especially in the age of social media, is crucial for successful business continuity.
And being prepared – the readiness phase of a crisis communications plan and toolkit – can prevent or lessen the impact of a cybersecurity incident.
Bring your communications manager, your PR agency, into the loop before something happens.
Preparation, preparation, preparation
The first part of any crisis communications plan is readiness. For a cybersecurity incident, that means:
Training and testing all your staff to recognise and report suspicious activity or phishing scams – to reduce human error.
Knowing who has access to all of your systems and that all 2FA (two-factor authentication) is set up and tested.
Having an incident response team you can activate, including someone who will step up to manage communications – and who their backup is!
Having a crisis communications plan and toolkit prepared for the top risks in your organisation’s risk matrix or radar.
Setting up physical and secure backups of all your systems and data, in case you lose access to your servers.
Mid-crisis, your communications need to strike the right tone.
You will need to let your stakeholders and the public know what you are doing about it, but you can’t speculate or overpromise. When transparency is expected or requested, you might need to explain why you can’t say too much in the public arena (eg, in media) while the emergency response is underway and your IT team and experts are trying to shut an attack down and restore and recover systems.
Keeping good records about what’s happened and the steps taken to solve the issue is essential for debriefing afterwards – and for knowing what you need to do to improve.
And then after the situation is resolved and your investigation is complete, you still have to let your staff, stakeholders and the public know what happened, what you did and what support you are offering. A genuine and heartfelt apology is often key.
How Publik can help
These are just the very basics of what you need to consider when planning for a cybersecurity crisis.
Here at Publik, we can help you develop a communications plan and toolkit for any and all crises, so you can feel confident in your preparations and responses.