All experts agree to say that this is the era of cyber threat. It is not “if” anymore but “when”.
Preparation, strategic communications and response time are critical to reputation management.
In the event of a cyber-attack, data leakage or any other sort of cyber security issues, the first thing to do is… keep calm! Do not panic. Over-reacting can lead to wrong decisions that can cause greater damages to the company.
First and foremost, is to investigate and validate the problem. When did this happen? How? What is the extent? The cause? How to resolve it. We recommend to bring a third-party organization early in the process to discover the scope and implications of the situation, as well as a demonstration that the firm is taking the problem seriously. The specialist will transparently help you discover what information has been accessed, compromised and will identify what vulnerabilities are in cause. This will remediate and prevent the issue of happening again.
This will determine the communication plan. Whether or not to go public or restrain the communication to the parties affected depends on the analysis and extent of damages. An experienced consultant in Public Relations may be of a tremendous value to coordinate the efforts, communication and to ensure that all parties such as IT, Legal, BOD and C level executives are in sync in their plan of action.
A single voice message must be developed for all potential victims, employees, customers, partners and the media. The statement must be open and sincere. Apologize, admit and accept responsibility for what happened. Explain the situation and be persuasive about the measures taken to avoid it in the future.
Announce the breach quickly and be ready for questions. Anticipate them and prepare honest answers or you will lose credibility. This will show your company as a reliable and transparent partner. It is the only way to maintain trust in such difficult circumstances and to limit rumors which is the key for survival after a cyber threat.