SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
CX
#
MarTech
#
Breach Prevention

How to keep public trust when systems go down

Fri, 2nd May 2025
By Mark Devlin, Director, Impact PR

When a cyberattack hits, it doesn't just compromise systems – it can derail reputations, investor confidence, and customer loyalty. While IT teams rush to identify and contain the breach, one aspect is often overlooked: communication. Failing to manage the public narrative during a cyber event can leave customers in the dark, media in a frenzy, and trust permanently damaged.

For IT professionals and business leaders, cybersecurity preparedness must include a strategic communication plan. This article outlines how to embed crisis communications into your cyber response strategy, with advice drawn from frontline experience.

Failing to get ahead of the narrative can lead to a loss of stakeholder trust, customer churn, regulatory penalties, and long-term brand damage. This is where a robust crisis communications plan becomes mission-critical. Preparation, combined with expert guidance from a crisis-tested PR company Auckland businesses trust like Impact PR, can help ensure that your public response is as resilient as your technical defences.

Below is a step-by-step guide to managing crisis communications during a cyberattack.

1. Treat Communications as a Critical Component of Your Incident Response Plan

Many organisations develop detailed technical response plans, but don't formalise who will communicate, what they will say, and when. This gap leaves space for confusion and reputational risk.

Your incident response plan (IRP) should include a communication framework that:

  • Identifies who is authorised to speak externally
  • Provides pre-drafted holding statements tailored to potential scenarios
  • Details internal notification protocols
  • Outlines stakeholder engagement, including regulators and media

Tip: Use templates, flowcharts, and pre-approved messaging to act swiftly under pressure.

2. Pre-prepare Holding Statements and FAQs

When systems go down, stakeholders want immediate reassurance. Pre-approved holding statements allow you to:

  • Acknowledge the incident
  • Provide assurance that it's being addressed
  • Outline next steps and expected updates

Develop FAQs for customer-facing teams to avoid inconsistent or speculative messaging.

3. Align Your Spokespeople

Spokespeople shape public and media perception. Ensure designated individuals:

  • Are media-trained and confident
  • Have aligned talking points
  • Know how to respond under scrutiny

One misstep on camera can undo a carefully planned response.

4. Lock Down Internal Communications

Internal leaks often reach social media or journalists before official statements. Protect your brand by:

  • Briefing staff early
  • Supplying internal Q&A material
  • Making it clear who can speak publicly

Internal alignment is crucial for consistent messaging.

5. Map Regulatory and Legal Coordination

Clear communication is important - but so is legal compliance. Your comms and legal teams must work in tandem to ensure:

  • Statements meet disclosure obligations
  • Privacy regulations are followed
  • Escalation protocols for legal review are established

6. Monitor the Narrative in Real Time

Cyber events unfold quickly, especially on social media. Use monitoring tools to:

  • Track brand mentions and sentiment
  • Identify misinformation early
  • Respond to trends before they escalate

Assign a dedicated monitoring lead during active incidents.

7. Post-Crisis Review: Don't Waste a Good Crisis

After the dust settles, review your response:

  • Were stakeholders adequately informed?
  • Did the media coverage reflect your message?
  • Where did confusion or delay occur?

Use findings to improve processes, training, and templates.

8. Use Plain Language and a Human Tone

Avoid jargon. Speak with clarity and empathy.

  • Be transparent (within legal limits)
  • Acknowledge concerns
  • Explain what happened and how you're fixing it

Tone can be the difference between trust and backlash.

9. Use All Relevant Channels

Don't rely solely on press releases. Reach stakeholders through:

  • Social media
  • Email updates
  • SMS alerts
  • Website banners or a dedicated crisis microsite

Centralise updates to avoid mixed messages.

10. Partner with Crisis Comms Experts

Cyber threats are reputational threats. A crisis communications partner can help you:

  • Prepare messaging in advance
  • Navigate complex scenarios in real time
  • Rebuild trust post-incident

At Impact PR, we help organisations communicate clearly and confidently before, during, and after cyber events.

Final Thoughts

Cyber resilience goes beyond firewalls - it's about leadership and communication when things go wrong. Silence and confusion can do more damage than the breach itself.

If your organisation needs support, talk to Impact PR - the PR agency Auckland businesses trust for strategic, timely crisis communications.

About the Author

Mark Devlin is Managing Director of Impact PR, a New Zealand-based agency that works with tech, finance, and government clients to manage high-stakes reputation risks - including data breaches and cyberattacks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
SonicWall unveils cyber suite for MSPs with USD $2 million warranty
Exclusive: Cyber expert Louise Hanna warns education, proactive strategies lacking
Silent Push unveils Chrome tool for real-time threat response
AI-driven threats prompt IT leaders to rethink hybrid cloud security
Malicious memes: How cybercriminals use humour to spread malware
Top stories
Defending the Cloud from the Edge
Organisations boost AI security as data threats & risks evolve
BeyondTrust recognised as leader in secrets management
Sandrine El Khodry named new EVP of global sales at ALE
Gigamon survey finds AI drives hybrid cloud breach rise to 55%