Almost half of communication teams feel unprepared to communicate about cyber incidents, according to our latest research.
Our survey of 33 in-house communications professionals across Europe, Asia and the US found over 60 per cent of organisations interviewed do not have a cyber-specific communications plan or guidelines in place. This is despite over three quarters (77 per cent) having already been involved in a cyber incident.
Regester Larkin director Roberta Ramsden-Knowles said:
“As we’ve seen from numerous high-profile cyber incidents, a good communications response to a cyber incident is critical to protecting reputation and minimising subsequent commercial impacts such as a loss of customers or intellectual data.
“While communication professionals recognise scenario-specific plans are needed, producing them for all scenarios, whether data is lost, access is lost or there is a loss of confidence in the data’s integrity, for an internal or external threat, is challenging. Each scenario presents a different set of questions, risks and impacts on an organisation’s reputation.”
The survey also found that communicating the complexity of cyber incidents is seen as one of the biggest challenges (58 per cent), and that scrutiny of how an organisation responds will increase over the next two years (82 per cent).
Roberta Ramsden-Knowles continued:
“Organisations need to be more prepared than ever to communicate about a cyber incident and relay very complex situations and technical information to customers and stakeholders quickly.
“The timing of your communication and notification to customers and regulators is critical. Deciding when to inform stakeholders is a tough decision, fraught with many variables, and we have seen many organisations accused of responding too slowly. A clear plan, or playbook, should help inform this decision as well as identify critical external stakeholders.
“Equally as important is ensuring the communications team is aligned with the operational teams such as the cyber incident response team. Working together during business as usual, allocating time to scenario plan and understand the critical data the organisation holds, will help teams be better prepared in the event of a cyber attack.”
Roberta’s ‘top five’ measures communication teams can take to prepare for cyber incidents are:
- Make sure cyber preparedness is on the agenda of senior executives within your organisation, ensuring executives feel confident and trained to communicate if necessary.
- Spend time working with the technical teams scenario planning, identifying the unique cyber challenges your organisation faces and developing strategies to manage or mitigate them.
- Develop a set of ‘fast facts’ including what data is held on customers, how the data is stored, and details of your organisation’s investment in cyber resilience.
- Develop a playbook to guide decisions depending on the cyber threat, for example internal vs external, DDoS vs data hack, and regularly test the agreed response through crisis exercising, involving suppliers and partners where necessary.
- Should a cyber incident occur, undertake a post-crisis review to ensure lessons are learned, and ensure required actions are implemented.