top of page

Planning for cyber-crisis communications

  • Writer: Kristin Dispenza
    Kristin Dispenza
  • Jun 13
  • 3 min read

Cyber-crises are a unique type of crisis and therefore require specific steps during your organization’s crisis planning.


You’re probably aware that AOE encourages all organizations to develop a crisis plan—a guidebook that can lead your team during an unforeseen situation that has the potential to impact your reputation and/or operations. (For more on general crisis planning, read our FAQ sheet here.)


A wide range of disruptions can be considered crises. But special considerations come into play when you’re dealing with a cyber-crisis.


All the usual recommendations apply. You'll need to be sure your crisis communications are set up to be transparent, concise and factual. They will need to have a focus on people and reflect your organization's core values. To ensure this happens when it’s “crunch time,” your planning phase should include assembling the team, considering the channels you will use to announce your messaging, and creating building blocks such as templates and example Q&As. Since cyber-attacks generally affect a broad group of people and include potential security risks, however, there are a few specific things you should do to prepare for this type of crisis.


For any cyber-crisis, the key is to regain trust, since security breaches can be very damaging to how your organization is perceived and how much it is trusted. To regain trust, frequent, thorough communication is the key. Your organization should be the first to announce the crisis, not be caught reacting to announcements that come from the outside. Plan on sending out a number of updates about the steps you are taking, even if the results aren’t visible yet. Make sure you consider in advance all the stakeholder groups you’ll need to communicate with, and draft content accordingly. Keep in mind, it is always important to own your mistakes (within legal guardrails) during any crisis, but this is especially true during a cyber-crisis.


Cyber-crisis planning deliverables

Most crisis plans will include creating drafts or concepts for social media, press releases, and staff updates. For a cyber-crisis, consider adding in a list of internal questions that will help your team navigate the technicalities. A strategy map can also help with this.


Consider in advance how detailed or technical your communications will be. It may not be a good idea to immediately announce specifics about the cyber-attack. One reason for this is stakeholders and the audience will not necessarily understand and interpret the information correctly. Another reason is that your organization’s leadership and IT team may not immediately understand the scope of the attack, opening the door for errors in early communications.


Unique to cyber crises, regulatory agencies such as The Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC) and others will likely step in if you have an incident. This means team members responsible for communications will bear additional legal risks during a cyber-crisis and will need to balance these risks against maintaining transparency. It is a good idea, as you are developing your Q&A banks and preapproved statements, to consult with your legal department to get guard rails in place. This will ensure your outgoing communications don’t jeopardize your organization’s legal considerations.


Recovering from a cyber-crisis

There are three phases to any crisis: pre-crisis, during the crisis, and post-crisis. Pre-crisis is the time for training leaders and setting expectations. During the crisis, you will be implementing the playbooks you’ve created. It is the post-crisis phase that offers the opportunity to steer the organization’s culture and enhance its reputation. This is because there are lessons to be learned from any crisis. Steps can be taken to build out aspects of the organization, whether that means improving technical infrastructure, providing new services to customers, or building community relations. These steps are important not only because they rebuild trust…they are important because at the end of any crisis, your organization finds itself again at the pre-crisis stage of the next unforeseen event!


AOE has deep expertise in developing crisis plans and will work with you to help build optimal communications. For more information, reach out to us today.

Brian Gallagher

Marketing Committee Chair, National Steering Committee

"The 2025 Concrete Industry Management (CIM) Auction at World of Concrete shattered all previous records! Our partners at AOE were essential in helping the National Steering Committee promote the Auction. For more than 17 years, we’ve counted on AOE to help support our public relations, social media and marketing efforts to promote the Auction and the CIM program. The AOE team was, and continues to be, an important part of our success."

CIM social post image.png
AOE starburst logo.

© 2025 by AOE. 

View our Privacy Policy

Accessibility

  • Facebook
  • Linkedin
  • Instagram
  • Youtube
  • Spotify
bottom of page