Managing a Hack: A communicator’s guide to cyberattack response

Type: Features|February 2016
By Sandra Fathi
3 February 2016

Data breaches and other forms of cyberattacks have become far too common—it seems like every day another organization is reporting a hack or leak of critical information. In fact, according to a report from the Identity Theft Resource Center, there were 781 tracked breaches in 2015 in the U.S. alone. And no industry, including government entities, financial institutions, security companies and retailers, is safe. It’s no longer a matter of “if” but “when” your organization will experience a data breach. In addition to the material damage and potential revenue impact, companies also face the long-term effects of a poor reputation for dealing with this type of crisis.

Public relations professionals must be prepared to protect their companies’ reputations and to build back customer trust. Here are four recommendations to help guide you in protecting your brand’s reputation in the event of a security breach.

1. Establish a bulletproof response plan

Having a cyberattack plan as part of your organization’s crisis management strategy is non-negotiable in the digital age. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could affect your business and your industry. Common threats include malicious attacks (e.g. malware, distributed denial-of-service attacks and cyber extortion), technology system glitches and even human error. You can find a comprehensive list of breach types here.

There are four phases of crisis communication: readiness, response, reassurance and recovery. In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice. Develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.

2. Your customer is critical

Being honest and transparent with customers is arguably the most important step in maintaining a brand’s image amid a breach—especially if their personal information is at risk. In the U.S., 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. In the European Union, it’s critical to be aware of the General Data Protection Regulation (GDPR). If time elapses before official notifications are sent, you could be facing fines as well as a backlash from customers and the media.

In the wake of a data breach, urgency, empathy and transparency are absolutely crucial. Not being up front with customers can result in a loss of confidence in the brand that can not only negatively affect the company’s reputation, but could also impede recovery from the crisis.

3. Monitor conversations: The good, the bad and the ugly

In the wake of a breach, it’s crucial for companies to be on alert for both positive and negative online engagements. While positive engagements boost respect for a brand, companies must always monitor for negative interactions in real time and be even more vigilant during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Create a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last-minute shuffle.

Don’t be intimidated by furious customers posting negative comments; they may need some extra attention. At your discretion, consider using a private forum to contact upset customers directly to resolve their problems and take negative conversations offline.

Learn more about crisis planning and monitoring, including cyberattack response, in this SlideShare presentation.

4. It’s only a mistake the first time

For brands, it is especially important to not make the same mistakes twice. Just like in your personal life, people may or may not forgive a first offense, so a second infraction is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent recurrence. Changes such as switching security vendors, deploying new software, re-training staff and amending company policies (such as employee access and permissions, vendor approval requirements and data transfer logistics) may be necessary. It is also important to communicate these changes to customers and to the public to reassure them that a similar breach will not happen again.

Communication professionals typically don’t have control over the systems and processes that keep their company’s data secure. What they can control, however, is having a robust and detailed crisis plan to help ensure that their company’s reputation is protected, customer relationships are in good health and revenue isn’t negatively impacted after a breach.

Sandra Fathi

Sandra Fathi is president and founder of Affect, a public relations and social media firm specializing in technology, healthcare and professional services. Sandra is an expert on crisis communication and is a sought-after speaker and writer on the topic. She is currently on the board of PRSA-NY and the PR Council. She can be reached at or on Twitter at @sandrafathi.
