SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
CX
#
Breach Prevention
#
Cybersecurity

How to keep public trust when systems go down

Yesterday
By Mark Devlin, Director, Impact PR

When a cyberattack hits, it doesn't just compromise systems – it can derail reputations, investor confidence, and customer loyalty. While IT teams rush to identify and contain the breach, one aspect is often overlooked: communication. Failing to manage the public narrative during a cyber event can leave customers in the dark, media in a frenzy, and trust permanently damaged.

For IT professionals and business leaders, cybersecurity preparedness must include a strategic communication plan. This article outlines how to embed crisis communications into your cyber response strategy, with advice drawn from frontline experience.

Failing to get ahead of the narrative can lead to a loss of stakeholder trust, customer churn, regulatory penalties, and long-term brand damage. This is where a robust crisis communications plan becomes mission-critical. Preparation, combined with expert guidance from a crisis-tested PR company Auckland businesses trust like Impact PR, can help ensure that your public response is as resilient as your technical defences.

Below is a step-by-step guide to managing crisis communications during a cyberattack.

1. Treat Communications as a Critical Component of Your Incident Response Plan

Many organisations develop detailed technical response plans, but don't formalise who will communicate, what they will say, and when. This gap leaves space for confusion and reputational risk.

Your incident response plan (IRP) should include a communication framework that:

  • Identifies who is authorised to speak externally
  • Provides pre-drafted holding statements tailored to potential scenarios
  • Details internal notification protocols
  • Outlines stakeholder engagement, including regulators and media

Tip: Use templates, flowcharts, and pre-approved messaging to act swiftly under pressure.

2. Pre-prepare Holding Statements and FAQs

When systems go down, stakeholders want immediate reassurance. Pre-approved holding statements allow you to:

  • Acknowledge the incident
  • Provide assurance that it's being addressed
  • Outline next steps and expected updates

Develop FAQs for customer-facing teams to avoid inconsistent or speculative messaging.

3. Align Your Spokespeople

Spokespeople shape public and media perception. Ensure designated individuals:

  • Are media-trained and confident
  • Have aligned talking points
  • Know how to respond under scrutiny

One misstep on camera can undo a carefully planned response.

4. Lock Down Internal Communications

Internal leaks often reach social media or journalists before official statements. Protect your brand by:

  • Briefing staff early
  • Supplying internal Q&A material
  • Making it clear who can speak publicly

Internal alignment is crucial for consistent messaging.

5. Map Regulatory and Legal Coordination

Clear communication is important - but so is legal compliance. Your comms and legal teams must work in tandem to ensure:

  • Statements meet disclosure obligations
  • Privacy regulations are followed
  • Escalation protocols for legal review are established

6. Monitor the Narrative in Real Time

Cyber events unfold quickly, especially on social media. Use monitoring tools to:

  • Track brand mentions and sentiment
  • Identify misinformation early
  • Respond to trends before they escalate

Assign a dedicated monitoring lead during active incidents.

7. Post-Crisis Review: Don't Waste a Good Crisis

After the dust settles, review your response:

  • Were stakeholders adequately informed?
  • Did the media coverage reflect your message?
  • Where did confusion or delay occur?

Use findings to improve processes, training, and templates.

8. Use Plain Language and a Human Tone

Avoid jargon. Speak with clarity and empathy.

  • Be transparent (within legal limits)
  • Acknowledge concerns
  • Explain what happened and how you're fixing it

Tone can be the difference between trust and backlash.

9. Use All Relevant Channels

Don't rely solely on press releases. Reach stakeholders through:

  • Social media
  • Email updates
  • SMS alerts
  • Website banners or a dedicated crisis microsite

Centralise updates to avoid mixed messages.

10. Partner with Crisis Comms Experts

Cyber threats are reputational threats. A crisis communications partner can help you:

  • Prepare messaging in advance
  • Navigate complex scenarios in real time
  • Rebuild trust post-incident

At Impact PR, we help organisations communicate clearly and confidently before, during, and after cyber events.

Final Thoughts

Cyber resilience goes beyond firewalls - it's about leadership and communication when things go wrong. Silence and confusion can do more damage than the breach itself.

If your organisation needs support, talk to Impact PR - the PR agency Auckland businesses trust for strategic, timely crisis communications.

About the Author

Mark Devlin is Managing Director of Impact PR, a New Zealand-based agency that works with tech, finance, and government clients to manage high-stakes reputation risks - including data breaches and cyberattacks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Super fund cyberattacks highlight risks to Australian savings
Radware secures record cloud security deal with US financial giant
It’s the end of passwords as we know it
A future with no passwords: Why passwordless authentication is key for cyber-resilience
Cequence enhances platform to protect agentic AI interactions
Top stories
Businesses intensify efforts to secure data in cloud computing
Australian firms lag in attack surface risk management tools
Revolut reports record profits in Australia & globally for 2024
ANZ to launch password-less web banking with enhanced security
Lumify Group wins top cyber security training award for 2025