Managing crisis communication after a cyberattack

A cyberattack does not only affect a company's computer systems; it also triggers a crisis that threatens reputation, financial stock, and business continuity. In a crisis caused by a cyber incident, the confidence of internal and external stakeholders and the public perception of the company are at stake.

This is why you need to put effective crisis communication strategies in place to mitigate the negative consequences of an attack. However, when it comes to crisis management, there is no ready-made solution. Digital security threats are too diverse and complex to be tackled all at once in a single internal memo. You need to build a bespoke crisis plan for your business, your stakeholders, and your operating environment, and have it ready so that it can help you manage all types of cyber incidents.

Christophe Forêt
President and co-founder of C-Risk

What is crisis communication?

Crisis communication refers to all the means of communication a company can use to address an issue that affects its organization and its reputation. A crisis is a situation in which the company's organization is likely to be thrown off balance, disrupting its processes and operating environment.

Crisis communication mainly aims to limit the negative impact of a crisis on a brand and its products. In the event of a crisis, disaster prevention efforts, crisis responsiveness, and short-term decision-making are required. You can manage communication effectively and bypass potential controversies thanks to successful crisis communication planning.

Crisis communication should also be part of a company’s fundamental communication strategy, as it affects all communication channels, from internal and external communication to public and press relations and social media.

Furthermore, crisis communication is an integral part of crisis management, so it also calls for continuous consultation with general management and members of the crisis unit.

There are two commonly recognized components of crisis communication:

  • Communication on crisis management, which consists of warning stakeholders and coordinating repair operations by giving effective instructions.
  • Communication on how the crisis is dealt with, which helps protect the company's reputation.


Why communicate in the event of a crisis?

Crisis communication is a central part of crisis resolution. Without an appropriate crisis response, employees and other stakeholders are left to interpret the situation in their own way, encouraging the crisis to grow and develop to the point of threatening the organization’s survival. A company going through a crisis due to a cyberattack therefore has a duty to go public with its side of the story and reassure its audiences.

The main objective of crisis communication is to allay concerns and protect the image of the company. Be careful, however, not to communicate for the sake of communicating – your crisis communication must convey your genuine intention to provide durable solutions to current malfunctions.

What is the context for crisis communication after a cyberattack?

The general public is increasingly aware of the risks associated with digital security and cybercrime, and a company that realizes how sensitive its audience is to these issues is more likely to communicate successfully.

Since 2016, the implementation of the General Data Protection Regulation (GDPR) also demands communication in the event of a confirmed cyber risk. Specifically, articles 33 and 34 of this regulation stipulate that organizations should provide “detailed information to the supervisory authorities within 72 hours of detecting the problem, and as soon as possible to each natural person concerned if there is a high risk of infringement of their rights”. (Source: CNIL, In the event of personal data breach)

This is why the IT department, in collaboration with the communication department, must prepare crisis communication strategies tailored to the type of cyberattack or system failure involved. In 2022, the most common cybercrimes targeting companies are:

  • ransomware attacks;
  • scams based on identity theft;
  • personal data breaches;
  • theft of passwords or user names;
  • DDoS (distributed denial-of-service) attacks, which take online services down.

The trick to surviving a crisis situation is to know how to appropriately time your communication. Sharing information with the public too early can negatively impact customer, shareholder, and stakeholder behavior. Communicating too late, on the other hand, can deal a fatal blow to a company's reputation and financial stock.


What are the goals of crisis communication?

Crisis communication aims to prevent the company from having its image tarnished, losing consumer confidence, and suffering financial stock losses.

When should you resort to crisis communication?

Communicating during a cyber crisis is akin to communicating during a natural disaster: you have to deal with difficult circumstances, including pressure from external players, daunting challenges of survival, impossible deadlines, and uncertainty.


Companies can choose to acknowledge the failure, which is the most common position in a cyberattack. In some instances, they may instead choose to create a diversion by talking about other issues and putting the blame on outside players. Alternatively, they might decide not to communicate at all, but this is a risky option.