Several high profile cyber attacks have dominated news headlines over the past few months, compromising the details of millions of Australians. As it stands, the companies involved in these cyber incidents are still reeling and in full recovery mode, both technically and reputationally. And while data and information security professionals work overtime to strengthen cyber resilience, concurrently, the communications world is observing the evolving nature of crisis communications. This is reinforcing what we as PRs already knew: how you manage your corporate reputation is more important than ever. Let’s delve a little deeper into the lessons the PR industry is learning in the wake of recent cyber-attacks.

Always be Prepared
Bad actors have become so sophisticated they can strike as fast as lightening, so it’s important that corporations involved in an attack respond at pace. No matter how strong you believe your cyber defences to be, it’s always worth having the materials in place and ready to go if something does go wrong. Messaging, quotes and statements should be pre-prepared to avoid any delays in public disclosures. Rather than eternal optimism, take the approach of “when” not “if” and you’ll be ready to act if the worst occurs.

Appoint a Single Spokesperson to be The Messenger
If we’ve leaned anything from the latest slew of cyber incidents, its’s that having a single spokesperson addressing the public lends greater clarity, consistency and cohesion. Usually, it’s the role of the CEO to addresses the issue head on. Having one single, C-suite level spokesperson handling public discourse provides the consistency of message and tone necessary to reassure the public, maintain trust, credibility and corporate accountability.

Manage Expectations and Don’t Over Promise
Given the unique and overly complex nature of cyber attacks and incidents, it’s always advisable not to commit to specific timeframes for recovery. Without a full investigation, a full resolution cannot be mapped out and missing your own deadline is a sure way of hindering the damage control process, opening the door to further unwanted scrutiny.

Lead with Transparency
Ideally, when a cyber incident does occur, a balance should be struck between transparency and over divulgence of unnecessary details. This is done to maximise the chances of successful recovery and warding off copycat attacks who may use publicly shared information to exploit perceived weaknesses. This also serves to balance public trust and operational security.

Don’t Rush the Recovery Process
The inconvenient truth is that cyber attacks deliver a severe blow and just like a physical injury, trying to rush the recovery process will only hinder the chances of a successful recovery. Recovering from a cyber breach is a long game that requires sustained and transparent communication effort. Even in the most challenging circumstances, effective PR can protect trust and corporate reputation.

The key takeaway for all businesses is that cyber crisis PR planning should be as high up on the priority list as the technical security measures. PR and comms teams in today’s digital business environment should be preparing well in advance for how to communicate when such a breach occurs.

To be on the front foot and proactively protect your corporate reputation from whatever may transpire, contact us at christopher@pearscroftcommunications.com.au