By Gerard Braud, CSP, Fellow IEC
Cyber threats, cyber hacks, denial of service attacks, and cyber ransom events should be one of the top things you focus on when it comes to crisis communications and the Five Steps to Effective Crisis Communications system.
Each one of these has the ability to damage your organization’s revenue, reputation, and brand. Each of my crisis communication plans have up to six pre-written news releases designed to address the various types of cyber threats and attacks. I have sent out three new updates to my clients since January.
Cyber issues have generated the greatest number of calls I have received in the past 12 months from organizations that want to update their crisis communications plan and crisis communications strategies. Cyber issues are a perfect example of the types of issues you should discuss during Step 1 of Effective Crisis Communications, which is your quarterly Vulnerability Assessment. The nature of cyber threats changes daily as hackers adopt new methods to take your system down.
Daily, there are news stories about cities, counties, and states that cannot function because hackers have taken over their system. Daily there are stories of companies that get hacked and can’t serve their customers until their systems are back up. Massive class action lawsuits happen when an organization loses control of personal information.
What goes unreported is that many of these organizations have not spent the money needed to keep their systems safe, which means they are spending a small fortune to try to recover their systems.
Cyber Ransom and Cyber Insurance
Most hackers are happy to restore your system for you, if you simply pay a ransom. The hackers are wise enough to request an amount of money that is less than the cost of losing business or paying experts to restore your system and end your cyber crisis.
This requires organizations to have a discussion about both cyber insurance and whether or not you would pay a ransom. As a policy, most organizations will firmly say they don’t pay ransoms because they fear the hackers will attack a second time. But the reality is, many cyber insurance companies will pay the ransom because it costs less than to manually restore a system. Trust me – the hackers know this.
What Should You Do?
If you follow the Five Steps to Effective Crisis Communications,
Your responsibility is to:
- Hold a Vulnerability Assessment to include all of the latest forms of cyber attacks.
- Update your Crisis Communications plan to make sure it covers cyber scenarios.
- Write new Pre-Written News Releases for every type of cyber issue.
- Train your spokespeople to talk about cyber issues in a news conference.
- Pick a cyber attack as a great crisis drill scenario.
If you need to schedule a free strategy call or if you need ask about any of the Five Steps to Effective Crisis Communications, please use this link to schedule a free 15 minute strategy call with me.
Crisis communications and media training expert Gerard Braud, CSP, Fellow IEC is based in New Orleans. Organizations on five continents have relied on him to write their crisis communications plans and to train their spokespeople. He is the author of “Don’t Talk to the Media Until…”
More crisis communications articles: