How to manage communications in a crisis

In recent years, the cybersecurity landscape has been marked by a series of high-profile incidents that have made waves across industries and headlines alike. Data breaches, ransomware attacks, malware outbreaks, and botnet threats are no longer niche concerns but have become central to the conversation.

Take, for example, the 23andMe breach, where hackers accessed the personal data of 7 million individuals, or the massive Dell breach that exposed the information of 49 million customers. These are just a few examples that highlight how no organization—regardless of size or reputation—is immune to the growing threat of cybercriminals. Today’s attackers are more adept than ever, moving from basic disruption tactics to sophisticated network infiltrations that aim to steal, leak, or sell sensitive data.

The aftermath of these breaches can be devastating—both financially and in terms of reputation. However, there are steps companies can take to mitigate the damage before, during, and after an incident. While technical measures, such as advanced security technologies and employee training, play a critical role, the way a company communicates during a breach is equally vital. Clear, honest, and well-managed communication can make all the difference in how your company is perceived during and after a crisis. How your company responds to a cyberattack—not just in terms of the actions it takes, but the message it sends—can have lasting implications. Here are some essential guidelines for building an effective communication strategy during a breach:

1. Get Ahead of the Story

In today’s connected world, news spreads fast—and bad news spreads faster. A single tweet or social media post can quickly snowball into a full-blown crisis. That’s why it’s crucial to act swiftly when a breach is detected. As soon as your organization is aware of the breach, take immediate steps to inform your stakeholders. This includes customers, partners, regulators, and the media. The goal is to take control of the narrative by being the first to break the news. Use press releases, emails, social media, and other relevant channels to keep people updated on the situation.

2. Ensure Accuracy Alongside Speed

In a crisis, speed is essential—but so is accuracy. Your company’s response needs to be timely, but it must also be precise and clear. Having a well-prepared communication plan in place is key to striking this balance. Your messages should be consistent, authoritative, and reflect the seriousness of the situation. This doesn’t mean that the message won’t evolve as more information becomes available, but consistency in tone and content helps maintain trust.

To ensure a coordinated response, assemble a team made up of representatives from key departments: HR, legal, IT, public relations, and the CEO. This team will work together to strategize next steps. It’s important to designate a lead spokesperson—ideally someone with media training—who can serve as the face of the company throughout the crisis.

3. Be Deliberate with Your Messaging

Crafting your message with care is critical. While it’s impossible to predict exactly what will happen during a breach, having pre-drafted templates or guidelines tailored to different types of incidents can help your team respond quickly and thoughtfully. Every word counts. Your messages should be clear and concise, offering a genuine apology where necessary, while sticking to the facts about the breach. Make sure to outline what actions are being taken to resolve the issue and avoid overpromising or making guarantees that can’t be kept. It’s also important to give clear guidance to customer-facing employees about what they can and cannot say during this time.

4. Train and Test Your Plan

Finally, practice is essential. Regularly running through crisis communication simulations will help your team understand their specific roles and responsibilities. It also ensures that any potential weaknesses in your process are identified early on. Crisis plans should be dynamic, so ongoing evaluation and improvement are necessary. By building and refining your communication strategy now, you can be better prepared when disaster strikes. Remember, the trust you’ve built with customers and partners over the years can erode in a matter of days if you’re not careful in your response.

In conclusion, while the technical side of cybersecurity is undoubtedly important, how your company communicates during a breach can have far-reaching consequences. By acting quickly, accurately, and with intention, you can minimize damage to your organization’s reputation and restore confidence among stakeholders.

This guide is a part of our ongoing ‘How to Guide’ series. To read more, please click here.