How can organisations prepare to communicate in a cyber crisis?

Ahead of this year’s Crisis Management Conference, Regester Larkin’s chief executive, Andrew Griffin, looks at how organisations can prepare to communicate in a cyber crisis.

Organisations must be prepared to face any sort of crisis, from major physical incidents to scandals and performance failures. According to our recent crisis management survey, organisations are more confident in their ability to respond to familiar risks, such as industrial accidents and extreme weather events, than they are unfamiliar risks. For most, a cyber attack is unfamiliar territory. Yet cyber risk is a key commercial and reputational vulnerability that has moved quickly up organisations’ risk registers in recent years.

As with all aspects of crisis communication preparedness is key. The unique dynamics of a cyber crisis need some special attention. Here are three tips for organisations getting ‘cyber crisis ready’.

  1. Plan the logistics of communication

All organisations should have a crisis communications plan but few of these plans consider the logistics of this. A cyber crisis might require direct communication with consumers, customers and stakeholders, sometimes with important information about actions they should take. But a cyber attack could debilitate normal communication channels, most of which don’t have the capacity to reach large numbers in short time periods. And, of course, internal systems may have been directly impacted, isolated or disconnected to contain the attack. Thinking through these realities during peace time is an invaluable time saver in a crisis.

  1. Don’t be a victim

Even if an organisation is the ‘victim’ of a cyber attack, it can never play the victim card.

Stakeholders may feel let down: an organisation they trust has failed to protect their interests. They must feel that you understand and regret that they have been impacted by the cyber attack. The watchwords here will be care, concern, containment and control. Containment in particular is hugely important in a cyber crisis. If the organisation cannot put a fence around what has happened, the assumption will be that the situation is out of control and uncontained. The last thing stakeholders want in this situation is for the organisation to play the victim card: they want to see action and hear the right emotion.

  1. Ensure you know the facts

A cyber crisis, again like most crises, is characterised by a lack of information in the early stages. What exactly has happened here? What has been compromised? What information is lost? With a cyber incident, the lack of knowledge is about other people’s information and details. Knowing what the organisation does and doesn’t hold on its customers, employees and consumers is the most important step. The organisation’s spokespeople (many of who will find the whole ‘cyber thing’ very unfamiliar and confusing) will need to be reassuring wherever possible.  Knowledge is key: information should include what data is held on customers, how the data is stored and details of the organisation’s investment in cyber resilience.

We have seen through a series of recent high profile data breaches that cyber attacks can have significant commercial and reputational impacts. Preparedness is the key to successful response.

The Crisis Management Conference will be held on Wednesday 14th September in London. For further details on the programme and how to register, please visit the CMC website.

World Communication Forum Davos – key lessons

I’d heard a lot of good things about this forum. I was told that it focuses on real communication issues facing society and businesses, debates “hot topics” and connects communicators and thought leaders from all over the world. I’d never been before, but with that sort of recommendation, who wouldn’t want to be part of it? So I signed up, traveled to Switzerland and dived head first into the debate.

But did the forum live up to my expectations? What did it cover, what did I take from it and would I go back? Having had a few days to digest my experience, here are my thoughts.

My main observation is that the committee and organisers have nailed the title, location and content of the forum and, by doing so, attract an incredible mix of professionals from all over the world.

This is not a conference, it is a forum

And there is a big difference. At a conference people show up in their thousands, sit in packed auditoriums whilst someone preaches at them, collect free stuff from exhibition stands and try to avoid people selling them things they don’t need. At a forum, people go to share ideas, experiences and, collaboratively, shape the future of their industry. That’s precisely what everyone at this forum went to do.

Location, location, location


The forum is held in Davos, which, despite being tucked away in the beautiful Swiss mountains, is regarded as the epicentre of thought leadership and change as it hosts the annual World Economic Forum (WEF).

It is a pain to get to from the UK (2 hour flight and 3 hour transfer) but, actually, being in a town so small and secluded makes perfect sense. It gives you a break from the normal day-to-day hustle and bustle, allows you to focus on the topics of the forum and means you’re never more than 5ft from another attendee (not literally, but you get the point) so conversation continues outside of the auditorium.

Fantastic, passionate, expert communicators

Just over 130 communicators, representing 30+ countries and cultures, attended the forum. Despite the diverse nationalities, skill and background of the group – there was a common willingness to share knowledge and ideas and a shared passion for improving the communications profession.

There were open debates at the end of each presentation, lots of panel discussions and a group activity to stimulate interaction and collaboration. In the two days I think I spoke to most of the attendees at one point or another and always had a healthy discussion… with the exception of starting an awkward discussion between a Russian and Ukrainian… wooops.

Key lessons

In the two days there were presentations and debates around social media, the future of PR, technology, “big data”, communicator 3.0 and how to generate economic value through communication. Here are key lessons, trends and messages I took away:

  • Communication needs to be authentic. Yes, that’s nothing new but your communication strategy should not just focus on building trust, but should reflect aspects of your brand, product or service that harbour the feeling of trust
  •  “If you don’t have data and analytics you don’t have a strategy?” Paul Holmes.
  • Data enables communication to target on the ‘market of one’… but that isn’t enough. Communicators should be using data intelligence to give their audience the answer to the next best question they should ask – but there is a fine line between being helpful and tasteless.
  • A communicator’s fight for their audience’s attention is getting tougher. People don’t read long articles (ok, it might take me a while to adapt this one), they typically read the first paragraph, scan for key words or read the comments to see if it’s worth their time. ‘tl; dr’ means ‘too long, don’t read’.
  • In the same way a CFO is not solely responsible for the profitability of a company, internal communicators and PR do not control a brand’s reputation anymore. Establishing brand ambassadors is key, as is having a “better well done than well said” strategy.
  • I also met the Scott Fahlman, the scientist who introduced this 🙂 in online communication 32 years ago. Now “the smiley” is used a billion times a day to express emotion in our communication! You shouldn’t underestimate the emotional impact of a smile!

 Would I recommend it?

Absolutely. All I would say to anyone considering going in 2015 is that you need to go with an open mind and willingness to share your experiences, challenge thinking and actively participate in the debate.

I came away fascinated by how influential communication is in shaping business, society and culture and with plenty of ideas for how we will improve client projects in the future.


Matt Frost

Matt is CEO of SHILLING – a specialist company that helps multinationals achieve their business goals through strategic and creative employee communication. Matt has worked in the marketing and communicators industry for nearly 15 years and is passionate around pushing the boundaries and challenging the ‘norm’ to engage, educate and inspire others.

To find out more about Matt and SHILLING: