top of page

Navigating the Storm: Effective Communication During a Cyberattack

a stormy scene, with lightening and circuitry

Cyber risks are a harsh reality of doing business. Whether caused through malicious intent or through an innocent employee's actions, these risks have the potential to significantly impact your business.

Whilst effective preventative and detective security controls are essential, a well-defined communication plan will make a world of difference in mitigating damage during and after a cyberattack.

Effective communication during a cyberattack ensures transparency with internal and external stakeholders, minimise panic, and could be the difference between your company appearing in the news for a day and being headline news for weeks/months to come.



There are a variety of audiences that need to be considered when developing your communications plan. The audiences may include:

  • Internal Stakeholders: Security incidents are not like IT outages, and should not be broadcast to the whole organisation. However, ensuring relevant employees remain informed builds trust and promotes cooperation during the incident.

  • External Stakeholders: This group will include investors, partners, and customers, amongst others. Ensuring these stakeholders are kept informed will demonstrate responsible leadership and help to minimise reputational damage

  • Regulators: Any incident involving personal data will trigger mandatory reporting requirements. Depending on your industry, there may be other regulations with mandatory reporting requirements. These mandatory reporting requirements will carry fines or sanctions, should you not meet them

  • Law Enforcement Authorities: Engaging with law enforcement and relevant authorities can help your incident response, through shared intelligence and capabilities

Communication Plan Structure: A Roadmap for Response

The following a structured approach will ensure the development and operation of an effective communications plan:

  1. Communication Teams: Identify teams responsible for drafting communications, and those responsible for delivering them, and align this with the identified audiences (staff, customers, media, etc.)

  2. Communication Channels: One size does not fit all, so you will need to identify the right communication channels for each audience. Consider whether this should be internal emails, a website, press releases, social media updates, or town halls

  3. Communication Templates:  Define and maintain approved templates for various scenarios. This will ensure communications are effective during a cyberattack. No-one has time to draft these on the fly during an incident

  4. Communication Triggers: Determine the severity levels of an attack that trigger specific communication protocols. For instance, a minor data breach might only require internal communication, whilst a large-scale attack will likely necessitate informing regulators and customers - see below

  5. Post-Incident Review and Lessons Learned:  Debrief and improve your communication plan based on lessons learned from the incident. Nothing is ever perfect, but the plan has to be effective. Identify what worked well and what needs revision.

Communication Triggers: Examples

  • Low-Level Attack: Phishing attempt, malware infection on a single device

    • Communication: Internal notification to IT and potentially affected teams

  • Mid-Level Attack: Data breach affecting a limited number of records

    • Communication: Internal notification, communication with affected individuals, potential regulatory notification

  • High-Level Attack: Major data breach, disruption of critical systems

    • Communication: Internal notification, communication with all stakeholders (customers, media, investors), regulatory notification, potential law enforcement involvement

Effective Communication During a Cyberattack

Remember: Transparency and timeliness are key. Clear communication will foster trust and support collaboration. Having a well-defined communication plan in place, that is practiced and updated, will minimise any disruption caused by a cyberattack and position your teams for a more successful recovery.


Commenting has been turned off.
bottom of page