Communication management is a crucial element in a cyber crisis. An effective, well-orchestrated response can mitigate negative impacts on corporate reputation, maintain stakeholder confidence, and ensure optimal coordination of corrective actions. Here's a detailed guide to how to communicate during a cyber crisis.
Preparing for a crisis
Crisis communication plan :
Even before a crisis occurs, it's essential to have a well-defined crisis communications plan. This plan must include :
- Contact details for the crisis management team.
- The roles and responsibilities of each team member.
- Internal and external notification procedures.
Pre-written messages :
Prepare standard messages for different types of incident, to save time in the event of a crisis. These messages need to be quickly customized to suit the specifics of the incident.
Internal communication
Immediately inform :
- As soon as a cyber attack is detected, immediately inform the management team and IT managers.
- Activate the incident response team.
Transparent and calm:
- Be transparent with employees about the existence of the incident, but avoid causing panic.
- Provide clear instructions on what to do (e.g. disconnect devices from the network, avoid opening suspicious emails, etc.).
Regular updates :
- Communicate regularly on developments in the situation and the measures taken to resolve the crisis.
- Make sure employees know who to contact to ask questions or report problems.
External communication
Notify stakeholders:
- Rapidly inform customers, partners and suppliers of the incident.
- Use secure communication channels to transmit sensitive information.
Public statement:
Prepare a public statement to inform the general public and the media. This statement should include:
- Recognition of the incident.
- Immediate measures taken to contain the situation.
- The company's commitment to resolving the incident and protecting the data.
- Contact details for questions and support.
Coordination with the authorities :
- If necessary, inform the relevant authorities (CNIL, ANSSI, etc.) of the incident.
- Cooperate fully with investigators to facilitate their work.
Communication content
Recognize the incident:
- Openly admit that an incident has occurred. Transparency is essential to maintain trust.
Detail the actions taken :
- Explain the immediate measures taken to contain and mitigate the effects of the incident.
- Assure stakeholders that experts are involved in resolving the crisis.
Safety commitments :
- Reiterate the company's commitment to data security and protection.
- Indicate future measures planned to reinforce safety and prevent such incidents.
Offering support :
- Provide information on the resources available to affected stakeholders (e.g. hotline, support center, etc.).
Post-crisis follow-up
Post-incident reports :
- Once the incident has been resolved, prepare a detailed report describing the nature of the incident, the actions taken and the corrective measures put in place.
Ongoing communication :
- Keep stakeholders informed of progress in implementing improved safety measures.
- Solicit feedback to improve processes and future communication.
The role of Phishia
Phishia supports companies in managing communication in times of cyber crisis. Our cybersecurity and crisis communication experts work together to develop robust communication plans, prepare clear messages and coordinate responses, ensuring effective crisis management and minimizing the impact on your business.
We also offer you the opportunity to test yourself by making acyber crisis management exercises. The scenarios are created on the basis of work carried out by ANSSI.
