Crisis management after cyber attacks

Next story
Olivia Storey

When a company suffers a cyberattack or data breach, the way they deal with and extinguish the situation speaks volumes to their staff and customers.

Cyber-attacks are becoming increasingly more common, and every company needs to be prepared and protected if there was to be a potential attack. However, in the event of a breach, external and internal communications are vital, and Mark James, ESET IT Security Specialist, explains how businesses should manage these, devise a crisis management strategy, and offers his best practices, do’s and don’ts.

“Sadly, these days’ data breaches are a very real threat no matter what size organisation you are, from the high street chain through to the multi-national organisation.

“With opportunistic and targeted malware working its way around our digital universe, it’s only a matter of time until you are the target.

“When it strikes the damage may be huge, it might go public, and it might even affect your company in such a way that you have to make the right choices to stay on top of it. One of those choices is the way you communicate what, when and how it happened.

“These days it’s not so unique, we read about it almost daily, and usually, only a few things will flag a concern: the amount of data stolen or the amount of time it has taken for the company involved to communicate to the victims.

Drawing up a crisis management strategy is an absolute must.

“Making sure honest, clear information is available for everyone involved, including stakeholders and at some point the public.

“Outlining what has happened, including what you have done, and what you intend to do moving forward for any victims involved.

“They need to know how they are affected, what they can do immediately and in the future, and how you will help.

“Of course the relative authorities need to be aware from the outset, and all the information should be made available for the technical team to understand how it happened and ensure that the immediate threat is contained.

“They will need to put measures in place to stop it from happening again.

“Affected public will almost certainly use social media to vent their anger or frustration. If possible have a dedicated team on hand to get information over clearly and precisely.

“Online or even video statements from a high profile member of the company could help to express your remorse and supply clear and concise answers to the questions being asked.  


Does your business have a crisis management plan in place? Let us know on Twitter @ESETUK.


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.