Search
PerspectiveCrisis Communications Litigation

Why companies need to be prepared for a cyber-security crises now more than ever

2 June 2024

There is no doubt the rapid migration of digital technologies that took place at the height of the pandemic accelerated the rate of cyber-attacks exponentially.

MediSecure and Ticketek are the latest large companies to have the personal data of millions of their customers hacked.

As the risk of falling victim to these breaches continues to grow, it is crucial for companies to have strong plans in place to communicate with key stakeholders in the event of an attack.

The latest Annual Cyber Threat report released by the Australian Cyber Security Centre shows attacks on average are occurring every 6 minutes in Australia.

According to the report, in 2022-23, 94,000 cybercrimes were reported in Australia, which is a 23 per cent increase on the previous year. Of these, 30 per cent came from Queensland alone.

Data is also showing that the average cost of cybercrime per report is up 14 per cent and medium businesses pay a disproportionately high price of nearly $100,000 per report.

These statistics highlight why companies should have cyber-security front of mind and be prepared with comprehensive cyber-attack response procedures in place.

The importance of communication for cyber-attack responses

When companies are hit with data breaches, many fail to respond to speculation and commentary surrounding them quickly enough – or respond with “no comment”.

As history has shown, this can be detrimental to their reputations, impacting client and customer acquisition and relationships with key stakeholders.

Organisations experience a range of negative outcomes during and after a cyber breach, which can be exacerbated by poor stakeholder communication, including:

  • Erosion of trust
  • Potential loss of intellectual property
  • Reputation damage
  • Loss of customers/clients
  • Significant inconvenience or harm to stakeholders
  • Lower market value
  • Increase in stakeholder complaints
  • Increased scrutiny (regulators, government)
  • Potential litigation and compensation payments.

Preparing for these incidents through strong crisis communication strategies can help manage these issues and risks.

Based on our extensive history in developing crisis communication frameworks for clients across a range of industries, we have outlined three principles to improve cyber-attack messaging.

Three principles to help optimise your cyber-attack messaging

1. Use of leaders or subject matter experts

The nature of cyber-attacks is highly dynamic and increasingly complex.

When disclosing a cyber-attack incident, it is important for companies to state the situation in a way that is both factual and empathetic covering what happened, how it affects key stakeholders such as customers and partners and the steps you are taking to protect stakeholders going forward.

It is important, at this point, to be both factual and empathetic, using clear, jargon-free messages to show your support for the stakeholders and your willingness to find a solution.

Put yourselves in the shoes of the affected stakeholder and use phases such as, “we are deeply sorry this happened”; “we understand the gravity of this situation”; “we recognise the significant concern this has caused”; “we are conducting a review to ensure this never happens again”; “we will continue to keep you informed once we know more”.

The involvement and support of subject matter experts is highly encouraged to ensure response messaging for these procedures stays accurate and specific.

2. Stay ahead of the terminology and knowledge divide

Every person involved in the response to a cyber-security incident requires a basic understanding of IT security.

Companies should work towards building a cyber-aware corporate culture. Not only will this increase the efficiency of incident response but will also contribute towards its prevention.

To do so, companies are encouraged to regularly educate and test employees, establish cyber-security as a holistic responsibility through continual reminders and training and implement and test breach response plans.

3. Keep abreast of cyber security trends

Cyber-attack methods are perpetually evolving in response to regularly updated security systems and procedures. Consequently, the preferred forms of data breaches are constantly changing, making them highly unpredictable.

To ensure companies are prepared, leaders must be educated on the various forms of attack, and they must regularly stay on top of those most currently prevalent.

In co-operation with our global partnership, Worldcom Public Relations Group, we provide regular insights relevant to the most prevalent global trends and developments – including cyber-related issues.

Contact us

We can train your spokespeople to be prepared and confident to handle a crisis. For comprehensive media and crisis training, please contact Andrew Buckley.

Related reading

6 tips for surviving your next virtual media interview

Categories

Let's Work Together

Level 3, 201 Charlotte Street
Brisbane QLD 4000

+61 7 3230 5000






Phillips Group respectfully acknowledges the Traditional Owners and Custodians of Country throughout Australia
and recognises their continuing connection to land, water and community.
We pay our respects to Elders past, present and emerging.

© 2024 Phillips Group