Few companies have a communications plan in place for the possibility that they are hit by a cyberattack. A new study shows that smart communication and authenticity are required. We at the PR agency outline 5 key pieces of advice on how to avoid damage to your brand and handle a difficult situation gracefully.

When dealing with a cyberattack, companies face a difficult choice: should they take responsibility for what happened – or portray themselves as victims of external forces? Both strategies have a concrete chance of backfiring: taking full blame can signal incompetence, while playing the victim card can be perceived as trying to evade responsibility.

Research shows that communicating openly about being a victim of a cyberattack can often help the audience understand the situation and even spark compassion – especially if the company simultaneously shows empathy and decisiveness. In a crisis where the personal or financial information of clients and other stakeholders might be at stake, choosing the right words and tone is at least as crucial as ensuring the technology is working again.

5 pointers for getting the message right:

1. Don’t compromise your credibility: If the public perceives that the attack is due to internal shortcomings (e.g., weak IT security), not acknowledging the situation and playing the victim can backfire. Take clear responsibility for what has happened – and at the same time, show what concrete steps you are taking to prevent it from happening again.
2. Authenticity evokes sympathy: When correctly phrased, openness about being subjected to an attack can evoke understanding. However, steer clear of complaining or taking a defensive posture – facts, empathy, and accountability are key.
3. Different target audiences, different reactions: Customers, investors, and the media react differently. Therefore, it is important to carefully consider – and preferably test – messages before communicating broadly.
4. Consider your reputation and standing: Companies with a positive reputation, such as non-profit organizations or companies with a strong sustainability profile, find it easier to evoke sympathy as the victim of an attack. If your reputation is not positive, the strategy is much more precarious.
5. Timing and transparency are crucial: Quick and clear communication can mitigate the consequences – but too much or too little information can prove harmful. Say what you know, what you don’t know, and what you are doing to find out the rest. Avoid speculation, show that you are taking action.

Communicating correctly after a cyberattack is about maintaining trust – and even survival. Today, the public and the media understand that even a responsible company can be affected, but they do not accept excuses. That is why assuming a serious, proactive, and responsible role is crucial – passivity or defensiveness are a sure way to damage your reputation.

Would you like to read more about the research behind this? Here is the researchers’ article.

Would you like a robust response plan for a cyberattack – or to respond to a cyberattack that has already occurred? Contact us at the PR agency.