This is part of an ongoing series from our Issues Response Team on insights and best practices for how to navigate sensitive situations and crises.
Even companies with the best-laid plans and technology investments may fall victim to a cyberattack.
Communications plays a critical role in how a company comes out on the other side of a cyberattack. The actions a company takes in this scenario – how swiftly, frequently and honestly you communicate – can either build or erode trust.
So what actions can you take to ensure your company is prepared?
Have your crisis plan in place BEFORE a crisis hits. Best case scenario, you never have to touch the plan. Worst case scenario, you have to use it, and you don’t have to scramble to put it into place in the midst of the crisis when you will be expected to move quickly.
Key components to your crisis plan:
Going through the exercise of preparing holding statements can help your company define how you would speak in these scenarios (tone, etc.) and also help prepare you for questions you may be asked. For example:
The purpose of the call should be to get a brief on the cyberattack: What’s the level of impact? Who was impacted? Is it contained? If not, when do you expect it to be contained?
Discuss your key messages for your customer communication and holding statement. While your tone may change for your audiences (customers versus media), your messages should remain consistent. Be aware that anything shared internally or externally could be “leaked” on social channels or to the press, so don’t share something that you’re not willing to share publicly.
Other actions to be taken on this call:
Remember the key elements to your holding statement:
Suggested Read: Issues Response Framework: Guiding Your Internal and External Communications
While you may not need to use these, outlining questions you may receive from customers and the media allows you to be prepared with responses. You may also want to consider support materials (e.g. your privacy policy or past blog posts on how you manage data) to point to published materials on how you handle data. If appropriate, you may also choose to share these FAQs internally; for example, with your sales and customer care team, to be prepared to answer customer questions.
While customer communication is typically the first order of business during a cyberattack, you also need to have an agreed-upon media strategy. Will you proactively or reactively share your holding statement? Where will media inquiries be funneled and who is the spokesperson?
In a Level 1 crisis, a proactive strategy may be in order (getting out in front of the inquiries). In other levels of crises, it may be enough to respond with the holding statement that has been prepared. We typically do not recommend media interviews while in the midst of the crisis. A holding statement that is updated as needed is the right response, as getting the cyberattack resolved is the primary focus. For Level 1 crises, you may also designate a place on your site (for example, your blog) where you update your holding statement with a date/time stamp. You can point press there for consistent updates on the crisis.
Whether it’s your sales team, customer care team or your internal staff, make sure your team knows who to funnel inquiries to and who the appropriate person is to address the questions.
This step is critically important, as tuning into key channels – customer care team inquiries, internal team questions, activity on your social channels, media inquiries and/or coverage of the cyberattack – will play a role in your evolving strategy.
If you’re getting more inquiries and the cyberattack is gaining more public visibility, your Level 2 crisis can turn into a Level 1 crisis. Set up a cadence for reporting out regularly on this listening and monitoring (even if it’s to say there are no updates!). If your social media channels are heating up with inquiries, you may consider posting your holding statement somewhere on your site (homepage or blog) and pointing all social media inquiries to that holding statement.
Suggested Reading: Issues Response: Mitigating a Sticky Social Situation
As a crisis evolves, so does the level of response. While an agreed-upon “reactive” strategy might have been in place, an ongoing attack may require a shift to a “proactive” response. There is no hard-and-fast rule for when this shift happens, so you need to be prepared to be agile and fluid. Customer inquiries, media inquiries or activity on your social channels can quickly move a reactive strategy into a more aggressive proactive strategy.
While the cyberattack can be difficult to navigate, there are opportunities to turn a negative into a positive. In fact, your key learnings just might be the start of your next thought leadership platform.
Stay tuned for our next IRT blog on best practices for handling internal comms when working through crises and issues.