At Evolve North, we’ve worked with organisations across the public and private sectors to navigate the challenges of cyber incidents, and one lesson stands out: a strong communications plan is the cornerstone of an effective response. Drawing on years of experience delivering Cyber Incident Tabletop Exercises and supporting clients during real-world crises, our Managing Director and cyber incident expert, Mark Dennis, shares his insights into why clear, proactive communication is critical to managing incidents successfully and avoiding organisational chaos.
Having seen many incidents unfold, I can say with confidence that the difference between a manageable event and a disaster often comes down to communication. Controlling the narrative quickly, decisively, and proactively is critical. Adopting a ‘go big, go early’ approach can change the outcome entirely.
Why is communication so important? It ensures the organisation can shape the narrative rather than being shaped by speculation or misinformation. In practical terms, it means transitioning from a reactive stance (responding to queries and firefighting) to a proactive approach where stakeholders, staff, and regulators are kept informed in a timely and transparent way.
Key Lessons in Communication
- Keep Staff in the Loop: It’s surprising how often organisations forget their staff. They’re on the frontline, dealing with customers and clients, and they’re often personally impacted by the incident. Informing them early is essential.
- Have Standardised Messages Ready: Pre-prepared responses for stakeholders and customers save time and reduce confusion. If possible, direct people to your website for updates, ensuring consistent messaging.
- Be Regular with Updates: Committing to provide updates, say every four hours, helps reduce inbound queries and builds confidence that the organisation is in control.
- Engage Regulators Early: Even if you don’t have all the facts yet, notifying regulators quickly demonstrates professionalism and accountability.
- Notify Insurers Promptly: If you have cyber insurance, informing your brokers immediately can ensure swift support and guidance.
Building a Resilient Communications Plan
An effective communications plan isn’t created in the heat of the moment; it needs to be prepared and tested well in advance. Mark emphasises the importance of having a detailed Cyber Incident Response Plan, which includes:
- Clearly defined roles and responsibilities, ensuring everyone knows what’s expected of them.
- Up-to-date contact information for staff, stakeholders, third parties, and regulators.
- Backup communication methods, like SMS systems or externally stored contact lists, in case usual channels (e.g. email) are unavailable.
- A robust, pre-tested communications strategy.
The Value of Preparation
Testing is just as important as planning.
You can’t assume your plan will work perfectly on the day. Testing it allows you to uncover gaps, ensure the right people are involved, and confirm resources are in place. It’s about preparing to fail; because that’s how you ensure success when it really matters.”
Ultimately, communication is more than just an operational requirement during a cyber incident, it’s a critical factor in protecting your organisation’s reputation, maintaining stakeholder trust, and ensuring a faster recovery. With the right preparation, organisations can stay in control of the narrative and minimise the damage from even the most challenging events.