Cyber Crisis Communication Plans: What Works and What to Avoid (Part One of Two)

Every cyber incident does not result in a far-reaching compromise or disclosure of personal or confidential information, but even a small incident can erupt into a major high-profile cyber event depending on whether and how it becomes public. The publicity surrounding these events can render them more serious than just the technical problem itself and raises the stakes on how companies respond. Because of the damaging effects press coverage can have, companies should be prepared with a thorough communications plan that contemplates more than just technical answers, experts told us. This first installment of our two-part series on breach communication plans discusses identifying key stakeholders and their roles, key playbook components and the benefits of advance planning, and offers advice on how to approach internal communications during a cyber crisis event. Part two will cover how to control and coordinate with a third-party vendor, strategies for handling external communications to the media, regulators and other stakeholders, and how to overcome common pitfalls and challenges. See also our three-part guide to developing and implementing a successful cyber incident response plan: “From Data Mapping to Evaluation” (Apr. 27, 2016); “Seven Key Components” (May 11, 2016); and “Does Your Plan Work?” (May 25, 2016).

To read the full article

Continue reading your article with a CSLR subscription.