An organisation’s response to a Cyber incident impacts reputation, customer and stakeholder confidence and even financial survival.
Today organisations and individuals are being exposed to more Cyber Threats than ever before. This has been compounded by the increase in digitisation, working in a hybrid environment, the challenging geo-political landscape, and exponential growth in cyber crime. It is estimated that cyber crime results in a $2.9 million loss every minute.[1]
These threats exploit vulnerabilities, not only in systems but also via people, through methods such as social engineering with opportunistic and targeted phishing attacks. The results can be devastating.
Faced with a heightened threat environment, now more than ever, organisations need leverage a robust communications capability that supports a proactive stance in mitigating risks associated with any disruption to operations. Implementing a well-structured and rehearsed incident response plan will optimise the recovery of business-critical functions, mitigate data loss and ensure continued operations during a crisis, as well as protecting customer confidence, brand and reputation.
PR and Comms professionals should be an integral part of the Cyber Response Team and involved in the preparation, duration and aftermath of a Cyber incident. This includes supporting timely and appropriate ‘lines to take’ and communication channels to the public, internal and external stakeholders, as well as providing support to nominated Board members trained to deal with the media. Some useful tips include:
- Having appropriate and timely communications that are identified in the organisation’s Incident Response Plan (and Playbook) and rehearsed regularly;
- Proactively managing your internal and external profile and messaging with clear and aligned communication – which is informative rather than defensive;
- Working collaboratively with the Cyber Response Team and providing regular, updated communications;
- Ensuring all communication channels are considered, including social media, and that these are appropriate as you reach out to different stakeholders such as employees, investors, regulators, customers and suppliers;
- Checking that there is appropriate media training and coaching for PR and Comms professionals and key Senior Board members who will be engaging with the media;
- Considering communication approaches post-incident to demonstrate confidence that the organisation is open to implementing lessons learnt and mitigating future risks.
It is essential therefore, that PR and Comms professionals continue to build their own Cyber knowledge and capability and are seen to provide sound, credible and timely advice. It is also important that they are able to use their communication skills within the organisation to engage others in delivering key messaging to foster a positive Cyber Security approach and to provide critical support during a crisis.
For further information about Cyber Security training, please email souha.khairallah@prca.org.uk.