Why companies need to be prepared for a cyber-security crises now more than ever

It’s no doubt the rapid migration to digital technologies that took place at the height of the pandemic accelerated the rate of cyber-attacks exponentially.

Optus and Medibank are the latest big companies to have the personal data of millions of their customers hacked.

As the risk of falling victim to these breaches continues to grow, it is crucial for companies to have strong plans in place to communicate with key stakeholders in the event of an attack.

The latest Annual Cyber Threat report released by the Australian Cyber Security Centre shows attacks on critical infrastructure, supply chains and businesses are occurring every seven minutes.

According to the report, in 2021-22, 76,000 cybercrimes were reported in Australia, which is a 13 per cent increase on the previous year.  Of these, 29 per cent came from Queensland alone.

Data is also showing 43 per cent of cyber-attacks tend to target small to medium businesses – particularly in the education, healthcare and government sectors.

These statistics highlight it is crucial for companies to be prepared and to ensure they have comprehensive cyber-attack response procedures in place.

The importance of communications for cyber-attack responses

As companies are hit with data breaches, many fail to respond to speculation and commentary surrounding them quickly enough – or respond with “no comment”.

As history has shown, this can be detrimental to their reputations, impacting client and customer acquisition and relationships with key stakeholders.

Organisations experience a range of negative outcomes during and after a cyber breach, which can be exacerbated by poor stakeholder communication, including:

  • erosion of trust
  • potential loss of intellectual property
  • reputation damage
  • loss of customers/clients
  • significant inconvenience or harm to stakeholders
  • lower market value
  • increase in stakeholder complaints
  • increased scrutiny (regulators, government)
  • potential litigation and compensation payments.

Preparing for these incidents through strong crisis communication strategies can help manage these issues and risks.

Based on our extensive history in developing crisis communication frameworks for clients across a range of industries, we have outlined three principles to improve cyber-attack messaging:

Three principles to help optimise your cyber-attack messaging

1. Use of leaders or subject matter experts

The nature of cyber-attacks is highly dynamic and increasingly complex.

When disclosing a cyber-attack incident, it is important for companies to state the situation in a way that is both factual and empathetic covering:

  • what happened
  • how it affects key stakeholders such as customers and partners
  • the steps you are taking to protect stakeholders going forward.

It is important, at this point, to be both factual and empathetic, using clear, jargon-free messages to show your support for the stakeholders and your willingness to find a solution.

Put yourselves in the shoes of the affected stakeholder and use phases such as, “we are deeply sorry this happened”; “we understand the gravity of this situation”; “we recognise the significant concern this has caused”; “we are conducting a review to ensure this never happens again”; “we will continue to keep you informed once we know more”.

The involvement and support of subject matter experts is highly encouraged to ensure response messaging for these procedures stays accurate and specific.

2. Stay ahead of the terminology and knowledge divide

As a minimum, every person involved in the response to a cybersecurity incident requires a basic understanding of IT security.

Companies should work towards building a cyber-aware corporate culture. Not only will this increase the efficiency of incident response, but it will also contribute towards its prevention.

In order to do so, companies are encouraged to regularly educate and test employees, establish cyber-security as a holistic responsibility through continual reminders and training and implement and test breach response plans.

3. Keep abreast of cyber security trends

Cyber-attack methods are perpetually evolving in response to regularly updated security systems and procedures. Consequently, the preferred forms of data breaches are constantly changing, making them highly unpredictable.

To ensure companies are prepared, leaders must be educated on the various forms of attack, and they must regularly stay on top of those most currently prevalent.

In cooperation with our global partnership, Worldcom Public Relations Group, we provide regular insights relevant to the most prevalent global trends and developments – including cyber-related issues.

Contact us

We can train your spokes people be prepared and confident to handle a crisis. For comprehensive media and crisis training, please contact Stephanie Paul.

Related reading

6 tips for surviving your next virtual media interview