Hospitals across the country were hit last week in what has been said to be the biggest ransomware outbreak in history.
Around 40 NHS organisations and some medical practices were affected, with operations and appointments cancelled.
But it was not an incident which was confined to the UK. Globally there were 75,000 attacks in 99 countries, including to the German railway network, Spanish telecoms and the Russian interior ministry.
The incident has put cyber attacks firmly on the media agenda and exposed cyber security vulnerabilities.
Understandably, much of the focus has been on what could have been done to prevent the attacks.
But it is also important to consider how organisations should handle the media interest in the event of something similar happening.
Here are our tips for managing a crisis media management incident caused by a cyber-attack:
Prepare
The starting point is to have a specific crisis media management plan. You should have an overall crisis communication plan, but dealing with a crisis caused by a fire, industrial accident, product recall or power failure is very different to managing one caused by a cyber-attack. Although some of the principles will be the same, it is likely that in a cyber-incident it will be less easy to determine exactly what you are dealing with. Breaches are often reported by people outside the organisation, immediately putting organisation’s in a reactive position, and they can take place over a long period of time.
Prompt
Once it is clear your organisation has become a victim of a cyber-attack, it is crucial you respond promptly to the incident to show you are aware of the issue. Even if there is little you can say at that point, it is important you confirm there is an issue and that your customers know you are working to understand and resolve the problem. This will help to position you as an authoritative source of information and help prevent rumours and conjecture. Acting slowly or with uncertainty, on the other hand, will cause you to lose trust.
Spokesperson
Think carefully about the spokesperson you want to put up in front of the media. Many organisations will naturally default to their CEO in a time of crisis, but does your CEO really know enough about IT security to get your messages across and withstand potentially hostile interviews? Do you want to expose their lack of expert knowledge? It needs to be someone senior, so perhaps the IT Director would be a better option. It is crucial your spokesperson comes across as both credible and knowledgeable. They need to have previous media experience and recently been on a media training course.
One voice
This does not mean you should only use one spokesperson – if media interest in the incident continues over a number of days you will certainly need more. But you need to ensure that your spokespeople deliver the same message.
Apologise
If customer data has been compromised, or, as in the case of the NHS incident, services they depend on have been affected, you need to start your media responses and interviews by apologising. Be sincere and human and show your customers they are upmost in your thoughts.
Blame
Don’t make excuses or blame others, such as third party suppliers in your media work. You are responsible for selecting these suppliers and working in the best interest of your customers. Blaming others also suggests controlling the incident and preventing it from happening again is out of your hands. Own the issue and take responsibility.
Informed
Keep customers informed both through direct communication and through the media and communicate regularly so they continue to see you as the main source of information throughout the crisis. Ensure you are open and honest with them
Channels
Use the same channels as your customers – if your customers are raising concerns and asking questions on Twitter, for example, it’s important you also use that channel to make them aware of what you are doing to resolve the problem.
Media interest
Be aware a journalist could contact anyone in your organisation for information about the attack. Make sure your employees know where to direct any media interest and are properly trained.
Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Subscribe here to be among the first to receive our blogs.
