How to Prepare for a Cyber Breach and What to Do if it Happens: A Comms Perspective

By: Olivia Gerling

In this day and age, it’s fairly common that your company may fall victim to some sort of cybersecurity breach. That’s why it’s imperative that you know what to do in this scenario! If you don’t, you may be facing negative consequences.

Public Appearance

No matter what industry you’re a part of your public appearance is key to your success. Just a week ago, we saw what happened when sports journalist Buster Olney’s Twitter/X account – an account with 1.3 million followers! – got hacked. The trusted baseball journalist’s account shared tweets such as “I Hate METS” and that Ohtani was banned from the MLB for life due to gambling. Luckily, people figured out pretty quickly that it was a hack job. But what if they hadn’t?

Olney’s reputation could have been majorly damaged – he could have lost followers, been fired, and lost credibility! That’s why you always need to have a plan for when, not if a cyber breach happens.

Preparing Ahead of Time

Whether it’s the weekend, a weekday, or the evening… your company needs to be prepared for a cybersecurity breach before it happens. Though it’s impossible to know what the future holds, having even the most basic plan in place can help your team navigate the treacherous waters of crisis response. Consider the following tips:

  • Have a crisis response plan in place, including a specific crisis response team.
  • Make sure your crisis response team knows the protocols for escalating crisis response situations to management, as well as which managers need to be involved.
  • Understand how to report crises accurately and promptly as they happen.
  • Be prepared to have messaging that is consistent across all channels and platforms.

Before any messaging goes out, work with your crisis response team and your PR agency to identify stakeholders. You must know how to best reach out to these stakeholders, understand the level of technical details expected from the stakeholders, and be prepared to offer frequent updates. All this basic information should be understood before a breach even occurs.

After The Breach

If you company is breached, you need a plan of action. One of the most important aspects of keeping your reputation afloat is the timing of your response, and the messaging. Remember: communicate to your stakeholders clearly and effectively.

A vague, unclear post-breach message could give off the impression that you are not confident in your response, which means your stakeholders are likely to be unconfident in you. These vague responses are typically a result of not having an effective crisis communications plan – perhaps you expected to never have a cyber breach. Wrong! You should always be prepared.

Instead, you need to have a small team trained and ready with concise messaging if any sort of issue were to happen. Be consistent with your messaging and get the timing right. Do not wait until it is too late to share information with your stakeholders and consumers; alert them at the earliest possible time.

You also need to consider the legal ramifications of the breach. Did this breach impact your customers’ data? Tell them! But also, be direct. Share what happened and how you are going to fix it going forward. The speed, consistency, and overall message of your response is critical.

Our newsletter delivers Wonders & Blunders

Sign up for our weekly newsletter for the latest news, trends and financial advice in the fintech world.

"*" indicates required fields

woman holding cell phone with newsletter

Ready for results?
Let's connect.

Want to work with KCD PR? Receive a 15-minute no obligation consulting session.