With major retailers and institutions being targeted for cyberattacks daily (most recently, Canadian bookseller Indigo Books and Music was forced to rebuild its website due to a breach, which impacted employee information and took the site down for two weeks), cybersecurity and post crisis messaging is key.
Although much is made of responding to the attack directly, thinking about post-crisis communications can be the difference between a measured response and scrambling publicly. “You want to be the one out there, planting that narrative flag first,” Andrew Moyer, executive VP and GM with crisis communications firm Reputation Partners, told CSO Online. “What you don’t want to do is say something with such specificity that you risk having to walk it back and you lose credibility.” He suggests using terms that provide an idea of scale, rather than specifics, for this reason.
Although many articles recommend having a communications team and plan in place well before any incidents, Moyer also recommends having a team externally who can advise adjustments to messaging if they are likely to cause more harm than good to a company’s reputation post-incident.
Stress-testing the plan (and upper management, regardless of potential embarrassment) is also crucial, says Paul Black, partner in KPMG’s forensic services, in the article. “The best outcome is if that organization walks out with 100 gaps identified and everyone’s got a list of 20 action items that they need to fix,” says Black. “That means collectively you’ve identified where the response capabilities are not up to scratch, can address them and then uplift your capability.”
Source:
