Latest News
Blog: Effective communication in a cyber crisis
Businesses have long been the target of digital scammers, fraudsters and hackers, but over the past few years cybersecurity attacks have become much more commonplace.
While not all have been as high-profile as Optus or Medibank, nearly all cause some form of operational, financial and reputational damage.
Recently released Australian Bureau of Statistics figures show that 1 in 5 businesses experienced a cyber security attack during the 2021-22 financial year, more than double the figure from 2019-20. The majority of these attacks related to scams or fraud.
The increasing number of cyber attacks has led many businesses to invest heavily in their IT and cybersecurity systems to mitigate the operational and financial risks, but businesses have been much slower to protect themselves from the reputational risks.
The higher-profile cyber-attacks escalated quickly and received extensive media coverage and social media commentary - not because of flaws in the businesses’ cyber security systems but because of how communications were managed.
There are lessons to be learned from every cyber-attack and many of the same principles apply to managing a cyber-attack as managing any other crisis. However, there are also a few communications considerations and requirements that are particular to a cyber-attack.
Based on our experience assisting clients with cyber issues, we’ve compiled a few simple tips.
- Ensure you have a crisis communications plan in place
The fear of a cyber-attack has been a motivator for some businesses to develop a communications plan. If you don’t already have a plan in place, you’re heightening your risk. While every crisis is different, a plan with clear protocols, roles and responsibilities is vital. Ideally, the plan should also be ‘road tested’ through practice scenarios and key spokespeople provided with media training.
- Act quickly
A cyber-attack may cause some unavoidable reputational damage regardless of how well you communicate. To avoid lasting damage to a business’s reputation, acting and communicating quickly where you can is key, particularly where the impact of the cyber-attack is obvious. This also extends to quickly understanding who has been impacted by the cyber-attack. For example, it may not only be a business’s direct customers or clients who are impacted, but also the customer’s customers. Noting this can be difficult in case of a ransomware attack where unknown personal information has been extracted.
- Control the narrative
In the long-term, it is better to be open, share details as best you can and control the narrative from the outset. The impact of a cyber-attack can be immediate and obvious but identifying the cause of the attack and a plan for remediation can take time. Customers and clients expect prompt, clear and honest communication when the services they depend on are disrupted. A void in communication can cause reputational damage. Initial communication may be as simple as acknowledging the issue and providing assurance that it is being investigated, but it should always be proactive not reactive. Communications and messages will inevitably evolve over time as the cause is identified and rectified.
- Understand your legal requirements
Some cyber-attacks, such as data breaches, where personal information has been accessed or disclosed, require individuals and the Office of the Australian Information Commissioner to be notified by the business. This requirement covers where the personal information disclosed is likely to result in serious harm. For more information, visit https://www.oaic.gov.au/privacy/notifiable-data-breaches.
- Check your cyber insurance policy and your insurer’s communication protocols
In some cases, where the financial risk is potentially high, insurance companies can exercise the right to appoint their own PR and legal advisors to work with businesses to oversee their response to mitigate risk and potential financial exposure for the insurer. While this expertise can be helpful, there’s also potential reputational risk associated with a business having their communications controlled or heavily influenced by a third-party.
- Develop a recovery plan
The reputational impact of a cyber-attack can vary according to its severity and how the communications have been managed. Regardless, a plan will need to be developed to rebuild trust and provide assurance that the risk of another attack has been significantly reduced. This may include communicating upgrades to your cyber security systems, sharing key lessons to benefit clients should they be faced with a similar issue or helping customers communicate with their customers about the impact of the issue.
Hughes | Consultant
Useful Resources
Australian Cyber Security Centre (ACSC)
Recent News
- Blog: Why annual reporting is so much more than a financial update
- Which charity would your favourite furry friend support? Dig deep for Guide Dogs.
- Adelaide business leaders turning a ‘spotlight’ on homelessness
- Yugo announced Best Student Housing Provider
- Riverland Wine welcomes Chinese removal of Chinese tariffs
- Volunteering is a badge of honour for SA students
- Believe Housing Australia launches much-needed affordable rental homes in Adelaide
- All-woman crew building affordable housing for SA women impacted by violence
- Flinders Port Holdings among Australia’s best privately-managed companies
- Riverland growers to benefit from increased Rural Financial Counselling Service funding
- Celebrating our Guide Dog graduates, retiring Guide Dogs and our newest training group
- Scotch College Adelaide to host the 102nd annual SA Schools’ Head of the River Regatta
- Groundbreaking start for award-winning Waterford Purpose Built Student Accommodation Project
- CH4 Global named one of America’s Top GreenTech Companies by TIME Magazine
- DETMOLD MEDICAL LAUNCHES NEW MASK RANGE
- Blog: Crafting credibility
- Riverland grape growers call for financial support measures to save local industry
- END OF AN ERA FOR BOILEAU BUSINESS TECHNOLOGY
- Hundreds flock to 24/7 National Pharmacies store in first week
- Flinders Port Holdings welcomes PV Spirit to its fleet
