Why cyber attacks need to be a core pillar of your crisis comms strategy

The services of all three retailers were affected to varying levels, and it fell to senior leadership, ably supported by their comms teams, to update customers and other stakeholders on how the attack impacted (and continue to impact in some cases) them, as well as the business as a whole.  

These are big businesses, with significant cyber security and communications operations, but all of them were disrupted to differing degrees by these attacks. This should be a wakeup call for businesses of all sizes – large-scale cyber attacks like these embolden other copycats, and also give the green light for smaller bad actors to target smaller operations.  

If you haven’t considered a cyber attack in your crisis communications plan, it’s time to, because this is a situation that a one-size-fits-all strategy won’t flex to accommodate. Cyber attacks bring unique threats and disruptions that you need an answer to, even if it’s the first time that you’re facing them.  

These events are unique in their ability to disrupt all of a business’s operations simultaneously, including the infrastructure that comms teams use to execute a crisis strategy. For example, you must have a plan B that involves setting up alternative lines of communication in the business when laptops become glorified doorstops.  

This doesn’t just go for the inner circle (comms, IT, C-suite, investors); you need a way to provide information and instructions to all employees on how to handle incoming requests from media and customers. Even if this advice is to keep shtum and direct journalists to official spokespeople, you still need a way to communicate that message. So, make it part of how you stress-test your crisis strategy – try to operate it without using all of your regular systems, and find suitable alternatives that all teams will still recognise as authentic.  

A cyber attack will also mean looking more closely at the statements you’re releasing to key stakeholders and the media, and adding in extra rounds of approval from external parties. It may be tempting to attempt to provide as much information as possible to stakeholders and customers, but offering false reassurance before the extent of the damage is clear can make the situation worse.  

Given the criminal nature of cyber attacks, you should also be working closely with local authorities to ensure that any statements you make to the media don’t prejudice ongoing investigations and align with their key messages and processes.  

A serious cyber attack will be a day you’ll never forget as a comms professional, and it’s one that you need to start preparing for now. Responding to this specific, growing threat needs to be a core pillar of your crisis comms strategy, because an off-the-shelf response simply won’t cut it, and leaves your brand at risk. 

We’ve created an AI-powered crisis simulator – The Crisis Lab – to help you uncover threats relevant to your business and test the resilience of your crisis communications strategy. 

Get in touch to give it a go: luke.mcdowell@tangerinecomms.com