Beth Maundrill, Editor at Infosecurity Magazine, Jenny Davey, Partner at FGS, and Adam Speker, Barrister at 5RB, sat down to discuss the topic, “Protecting your reputation during a cyber-attack – a discussion on how to effectively manage your reputation during a cyber-attack to preserve relationships with major stakeholders via PR, communications and the courts”.
Here are some takeaways from the discussion.
Question 1: What are the top three things to keep in mind when communicating with stakeholders to protect reputation?
- Cyber is the number one most feared crisis as it hits businesses operationally, financially and reputationally.
- It is usually much worse than you think, so do not say too much, too soon.
- Never promise timescales for fixing a crisis (particularly key if customers are involved or there is a public impact).
- It is important to work in a joined-up way - incident response should include legal, forensics and communications.
Question 2: Which stories are the media looking for?
- Beth explained that as a journalist, she is looking for the who, what, why, where, how and so what.
- Conflicting messages elongate stories for journalists, which is why communications around the incident are so important.
- Threat actors will use social media to tell their story. Remember that they are a business and operate as such, although do not believe everything they say.
- Think about the messages you are sending to different stakeholders - if you have communicated about a breach to customers, this becomes public information and is how journalists get their stories.
Question 3: When you are hacked, it amounts to a breach of confidence. And one remedy is an injunction. What is this and how useful is it?
Adam described a report, by Beth or a colleague, with the headline “[company] goes to court to obtain injunction to stop threat actor disclosing documents”. Someone retweeted the article on X saying “good luck with that!” The general feeling is that hackers are criminals, so they will not comply with an injunction.
Adam then ran through the reasons for obtaining an injunction:
- You serve the injunctions on third-party websites that might be unwittingly hosting the data. A strong letter from Taylor Wessing might do the same.
- It puts people off going to look for the data, e.g. litigation documentation might be tempting to look for, but an injunction deters people from doing that.
- It answers pressure from staff, clients and stakeholders, as you can then say you have done everything, including obtaining an injunction. This shows you will take any steps you can to protect the data.
- It is fairly straightforward to do as it's a clear breach of confidence.
Question 4: What shouldn’t you do in response to a breach?
- Cyber breaches are no longer unusual, so everyone is at risk. It is not what happens that defines you, but instead how you respond to it.
- Communicate what you know in a timely manner, and carefully. The CrowdStrike issue led to lots of speculation about it being a cyber-attack because they did not initially communicate what had actually happened.
- Consider the other stakeholders you are communicating with and whether one group has been informed before the others, which might cause tension.