How can organisations prepare to communicate in a cyber crisis?

Ahead of this year’s Crisis Management Conference, Regester Larkin’s chief executive, Andrew Griffin, looks at how organisations can prepare to communicate in a cyber crisis.

Organisations must be prepared to face any sort of crisis, from major physical incidents to scandals and performance failures. According to our recent crisis management survey, organisations are more confident in their ability to respond to familiar risks, such as industrial accidents and extreme weather events, than they are unfamiliar risks. For most, a cyber attack is unfamiliar territory. Yet cyber risk is a key commercial and reputational vulnerability that has moved quickly up organisations’ risk registers in recent years.

As with all aspects of crisis communication preparedness is key. The unique dynamics of a cyber crisis need some special attention. Here are three tips for organisations getting ‘cyber crisis ready’.

  1. Plan the logistics of communication

All organisations should have a crisis communications plan but few of these plans consider the logistics of this. A cyber crisis might require direct communication with consumers, customers and stakeholders, sometimes with important information about actions they should take. But a cyber attack could debilitate normal communication channels, most of which don’t have the capacity to reach large numbers in short time periods. And, of course, internal systems may have been directly impacted, isolated or disconnected to contain the attack. Thinking through these realities during peace time is an invaluable time saver in a crisis.

  1. Don’t be a victim

Even if an organisation is the ‘victim’ of a cyber attack, it can never play the victim card.

Stakeholders may feel let down: an organisation they trust has failed to protect their interests. They must feel that you understand and regret that they have been impacted by the cyber attack. The watchwords here will be care, concern, containment and control. Containment in particular is hugely important in a cyber crisis. If the organisation cannot put a fence around what has happened, the assumption will be that the situation is out of control and uncontained. The last thing stakeholders want in this situation is for the organisation to play the victim card: they want to see action and hear the right emotion.

  1. Ensure you know the facts

A cyber crisis, again like most crises, is characterised by a lack of information in the early stages. What exactly has happened here? What has been compromised? What information is lost? With a cyber incident, the lack of knowledge is about other people’s information and details. Knowing what the organisation does and doesn’t hold on its customers, employees and consumers is the most important step. The organisation’s spokespeople (many of who will find the whole ‘cyber thing’ very unfamiliar and confusing) will need to be reassuring wherever possible.  Knowledge is key: information should include what data is held on customers, how the data is stored and details of the organisation’s investment in cyber resilience.

We have seen through a series of recent high profile data breaches that cyber attacks can have significant commercial and reputational impacts. Preparedness is the key to successful response.

The Crisis Management Conference will be held on Wednesday 14th September in London. For further details on the programme and how to register, please visit the CMC website.

Communications that change the world: the Sustainable Development Goals

  • 1.25 is the magic number.
  • $1.25 is equivalent to 80p a day
  • That’s less than your average cappuccino
  • Yet more than 800 million people live on this, or less, every day.

Living on $1.25 a day is living in extreme poverty; 800 million people in this state is unacceptable. What can we do change this?

IABCUKGlobalGoalsIn 2000, the UN came up with a plan to half extreme poverty by 2015 and called it the Millennium Development Goals. Did they succeed? Yes, two years ahead of target, but much was left to be done. Three years ago they came together again, this time with the input of the private sector and NGOs, and agreed to take it further. Last Friday, all 193 countries members of the United Nations endorsed a plan to end extreme poverty, fight inequality and injustice, and fix climate change: the Sustainable Development Goals.

The 17 goals have been called too ambitious, too many, too complex and too expensive to be met by 2030. However, even the cynics agree that these public statements have galvanised ambition, raised unprecedented amount of aid-money and, ultimately, changed global behaviour.

Isn’t that what we, as business communicators, try to achieve through our work? That’s the question behind this blog. In my opinion, the launch of the global goals are a great example of how our profession -at its best- can change the world. Here’s why:

1. Engagement led to defining outcomes

As opposed to the MDGs, which were famously concocted by an isolated group of gurus, the SDGs came to life after three years of dialogue. The result, albeit imperfect, is now owned by everyone. Shared results always have a better chance of being successful. The listening exercise transformed the goals, and enriched all of those participating.

2. They’ve made it matter to everyone, so everyone is involved.

The spirit of the goals is to leave no-one behind: youth, women, minorities, and even big corporate businesses. But how to get them involved?

“A key challenge was to make the goals accessible outside the development community” says Katja Iversen (@Katja_Iversen), CEO of the global advocacy organization Women Deliver. Before running Women Deliver, Katja led strategic communications at UNICEF and knows first-hand the value of meaningful communications. “If we want to drive progress, we need broad engagement, including by the business community. And it has to business as unusual. Stories about real people, showing that success is possible – that it is not all war, doom and gloom- are key. That is where the identification blossoms, the collaboration starts and action accelerates”.

The role of the UN Foundation in translating a policy-heavy text into a meaningful campaign was crucial. Take a look at their Employer toolkit or let the stories of the Tell Everyone campaign move you to action.

If you are in-house communicator, this is your chance to map your business outcomes against a global movement and motivate your people.

The responsibility of meeting the UN goals might lie with the governments, but the role of business can’t be ignored: we are employers and generate the income needed. We bring expertise, investment and can catalyze development. Cutting-edge companies are making their commitments public – you and your company however large or small can do the same. Join Richard Branson, Paul Polman from Unilever or, my employer, Mark Cutifani of Anglo American, in publicly stating how your company will support government in achieving the goals. As Mark put it supporting the achieving of the SDGs “means doing our work with excellence and ensuring our presence in host countries leaves a positive lasting legacy.”

Now what? In the worlds of Erna Solberg, Prime Minister of Norway, (and Elvis!) “A little less conversation, a little more action -please”. The work begins after launch, and the true test of this global movement will come with implementation. Just as any communications campaign. You can start by telling everyone the story of how you – as a communicator – can change the world. 


The International Association of Business Communicators (IABC) is a global membership association with a network of 12,000 members in more than 80 countries. We deliver on the Global Standard in communication through educational offerings, certification, awards programs and annual World ConferenceFollow us on Twitter @iabcuk