By Ben Overlander
Communicating around cyber incidents can fill even the most seasoned of communications professionals with fear. According to recent research by Regester Larkin, almost half of communications teams feel unprepared to communicate about them. A good communications response to a cyber incident is critical to protecting reputation and minimising subsequent commercial impacts such as a loss of customers or intellectual data.
Regester Larkin director, Ben Overlander, shares 10 steps to help organisations prepare to communicate confidently about cyber incidents.
1.Understand what data your organisation holds and identify the legal,
regulatory, operational and reputational risks a breach would cause.
2. Identify which regulators you would need to communicate with in a cyber
incident. Develop relationships with them in peacetime.
3. Develop draft materials for how you would communicate detailed technical
information to non-technical audiences.
4. Map the key stakeholders you would need to communicate with and the
most suitable channels. Consider the implications of an IT outage.
5. Media train potential spokespeople specifically against cyber incidents.
Ensure they can speak confidently about cyber issues.
6. Engage senior leaders and agree how your organisation would approach
the difficult challenges around a cyber incident:
- Would we proactively communicate?
- How would we respond to a ransom attempt?
- Do we apologise if it’s not our fault?
7. Write a list of questions you would need to ask your IT colleagues in a
8. Develop a cyber playbook or toolkit documenting all of the above.
9. Engage with your IT colleagues so they are familiar with your plans.
10. Rehearse the communications response to a cyber incident through a