Experts increasingly warn it is a matter of ‘when’ not ‘if’ a company experiences a cyber security breach.
More and more frequently, organisations across different industries are experiencing them.
And the threat seems to be unabating.
Transport for London (TfL) is the latest organisation to be hit by one.
The organisation, which is responsible for most of London’s transport network, revealed this week it was dealing with an “ongoing cyber security incident”, through a statement to the media and an email to customers.
Specific details about the attack have not been revealed, but TfL has moved quickly to reassure customers their information has not been compromised.
Before we get into the details of what it has said, I wanted to highlight something that stands out about its response.
During our crisis communication training courses, we discuss how organisations typically revert to their CEO to lead crisis responses.
But it is not always the best approach.
Sometimes, subject matter experts may be better placed.
Cyber security is complex. It is specialist.
So, it feels right that TfL’s response came from its chief technology officer, Shashi Verma.
He said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.
“The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact on TfL services and we are working closely with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to respond to the incident.”
The language in the statement is a little dry, particularly the “security of our systems and customer data is very important to us” line.
But it contains examples of actions taken to resolve the situation. And overall, it is reassuring.
A similar response was issued to customers by email – a good way of ensuring it reaches as many people as possible.
TfL 'dealing with cyber attack' as National Crime Agency launches investigation The Standard
TfL hit by huge cyber attack as millions of commuters sent important update Daily Express
SECURITY BREACH Transport for London hit by cyber attack as National Crime Agency launches major TfL probe The Sun
However, here is the crucial crisis media management question.
If customer data has not been stolen, and there is no impact on services, do you need to tell people?
Does telling them there has been a cyber attack in this instance cause unnecessary worry?
Or is it an excellent example of breaking your bad news and looking to control the narrative?
This is an odd message from @TfL IMHO - your data is fine and everything is working fine, but here’s an email anyway 🤔 https://t.co/rV6u0sEpAD
— Troy Hunt (@troyhunt) September 2, 2024
Anyone figure out why Transport for London did the cyber incident disclosure? They're still claiming there were no disruptions and no data was accessed...
— MikeTalonNYC (@MikeTalonNYC) September 3, 2024
Transport for London is sending out generic emails to some customers stating an ongoing cybersecurity incident, but then reverting that no data has been compromised and no impact to TfL services. 🤔 What's the incident then?#tfl #london #cybersecurity
— 0ne-nine9 (@0ne_nine9) September 2, 2024
Organisations are often reluctant to break their bad news – it’s a fear of negative headlines, widespread media interest, and not being in control.
Those concerns are understandable – nobody likes admitting something has gone wrong. But there are many advantages.
Shape the story
Being proactive with your bad news can give you greater control of the story.
If a journalist approaches you about the incident, they already have an idea of what has happened. They may have picked up on rumours and speculation on social media or possibly have spoken to an employee. And you will be on the back foot.
But break the news yourself, and you are in the driving seat. You can own the narrative.
Credibility
Breaking your bad news creates an impression of transparency, openness and trustworthiness – all crucial values that shape public perception.
It also shows you they are not only prepared to communicate when you have something positive to say.
Care
Being proactive can help show your customers you care and are acting quickly to resolve the situation.
Staying quiet until someone else breaks the story does not help to convey these sentiments.
And appearing unwilling to share bad news can break trust.
Media attention
In some cases, being proactive with your bad news will lessen the media interest.
And in most instances, the faster you respond, the more heat you can take out of the story and start to take control.
Reporters will be less inclined to think information is being covered up and that there is more to the story than has been released.
They are naturally suspicious when they believe something is being withheld and will attempt to investigate further.
Breaking the news will also help you avoid questions about why information was not released earlier.
When a crisis strikes, you must move quickly to protect your reputation. There is little time for planning your responses, fact-checking, or ensuring you have covered all the crucial bases. So, when the worst happens, wouldn’t it be handy to have a checklist you can follow?
So, what about TfL?
Well, I think it is a cleverly worded statement.
Look closely, and you will see plenty of wiggle room if the situation escalates further down the line.
“There is currently no evidence that any customer data has been compromised” feels reassuring.
But it is not a guarantee. And if the investigations subsequently find evidence data has been exposed, TfL has skilfully avoided the need for an embarrassing climb down.
Media First are media and communications training specialists with more than 35 years of experience.
We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Click here to find out more about our crisis communication training courses.
