The effects of a cyber-attack can be devastating on an organisation’s ability to continue every-day business in the short-term, not to mention the longer-term reputational risks and potential for a breakdown of trust with stakeholders.
We’ve all witnessed some high-profile cyber-attacks in 2025 and their effects on businesses including Ticketmaster, the Co-op and Marks & Spencer. These have shown that it’s not just the operational preparedness that’s important, but also the way an organisation communicates during a cyber incident that can make the difference in how well it is handled.
Being prepared with a communications plan and the right team in place will provide confidence to manage such an incident and mitigate impact on the business, its customers, employees and other stakeholders.
Prepare now
This sounds like stating the obvious, but the best time to consider and plan a response to a cyber-attack is before it happens. Consider a Q&A of all scenarios to clarify where the organisation might be most vulnerable, where any gaps exist, and the position of the organisation in its key lines of business.
This should also consider all audiences who could be affected. A stakeholder mapping exercise would be helpful to clarify what may be most important to different audiences. Internally, involve the relevant teams in communications, legal, HR, health and safety and IT to ensure the messaging will be aligned and consistent. I also covered preparedness for a cyberattack in one of my previous posts on crisis planning in the age AI.
Test the plan
It is advisable to test the crisis plan against a range of possible scenarios to see the reality of such a threat and its effects.
A test should assess the response of the team and its leaders in key areas including media handling, financial implications, operations, employee communications and how you inform partners and stakeholders.
Communicate quickly
As you move into operational mode, clarify what you are dealing with and start communicating as soon as practically possible with priority audiences. While you may not be able to provide all the answers, be as open as possible with stakeholders about how long this may go on and your plan to ensure it is resolved.
Consider your channel strategy
Consider different channels of communication depending on the audience. The website will be helpful as a central hub of information and updates for most audiences but remember that some communications channels may be compromised as a result of the cyber-attack, and alternative ways of communicating may need to be found.
Customers may need something more tailored depending on how they are impacted by the cyber-attack, while employees will also need something bespoke and direct to them to provide clarity and reassurance.
Regular media statements containing known facts when relevant will help keep journalists updated while social media can support this information at speed.
Demonstrate responsibility
Make sure that updates show that you care and that you’re doing everything possible in the circumstances. Emphasise that you are working with experts internally and externally where relevant, and that you will provide more information as soon as possible. Be proactive in updating stakeholders on the situation, rather than letting questions go unanswered. Be prepared to update, even when there is no update to give.
Review and learn
Once the cyber-attack has been resolved, and while still fresh, review the operational performance of the plan with the response team and assess lessons that can be incorporated to support the management of future crises. It is also a good idea to continue the cycle of scenario tests and to compare how much you have learned through the experience and reality of a cyber-attack.
Freshfield has been advising established and growing businesses on crisis planning for over 25 years. For more information or to speak to one of our team, please get in touch.
