Organisations face a constant barrage of security threats, with cyber attacks posing a significant risk to operations, finances, and reputation.

In the aftermath of a cyber attack, effective crisis communications is crucial to minimise damage and restore trust.

Crisis comms refers to the strategic distribution of information during a critical event, such as a cyber attack, that threatens an organisation’s stability or reputation. PR professionals play a vital role in managing crisis comms, crafting clear, consistent, and empathetic messages to various groups involved.

To establish strong crisis comms after a cyber attack, follow these five tips:

Assess the situation:

It’s crucial to understand the nature and scope of the attack. Collaborate with cybersecurity experts to assess the impact on data, systems, and individuals. This information helps tailor the communication strategy and identify affected parties.

Swift internal communication:

It’s essential to act quickly through your dedicated crisis comms team. This team should include representatives from PR, legal, IT, and other relevant departments. Internal communication is paramount. Inform employees about the situation, actions taken, and next steps. This transparency fosters trust and minimises panic.

Control the narrative:

Once you have a clear understanding of the situation, acknowledge the attack publicly in a timely manner. Be transparent about the nature of the attack, while avoiding making claims you cannot substantiate.

Do not throw shade:

Acknowledge and empathise with the concerns of all stakeholders, including customers, employees, and partners. Jumping to blame a third-party vendor or individual to distract and take attention away from your company looks insensitive, disingenuous and suspect. It makes you look suspicious, especially if it’s later found to not be true. Focus instead on your commitment to mitigating the damage and taking responsibility for resolving the situation.

Consistency is key:

Ensure all communication channels, including media releases, social media, and the company website, deliver one unified message. Any employees talking about the issues externally need to be thoroughly briefed on the company response – going off-piste makes companies look unprepared, disorganised and potentially untrustworthy. Ideally, designate one spokesperson to speak to the press to ensure consistency.

The most important job for crisis comms in the wake of a cyber attack is to reassure customers, partners and potential clients. Trust takes years to build but seconds to lose, particularly if you respond badly.

Having strong relationships with journalists can help you control the narrative, you cannot assume a friendly journalist will be positive about a cyber attack – likely, the opposite. PR professionals act as a guiding hand but also a potential barrier, quickly identifying who is likely to listen to your statement versus who is looking for a clickbait story.

Crisis comms is not just about damage control. Good crisis comms helps organisations navigate a crisis, such as a cyber attack, minimising reputational damage and maintaining trust by demonstrating responsibility and resilience. Most organisations now accept a cyber attack will happen – how you prepare and respond can make the difference between surviving an attack or not.