effective crisis comms

It is vital that every business, no matter how big or small, has a clear crisis communications plan in place for when the unthinkable happens. Cyber attacks can happen to any business – regardless of size. This is more relevant now in 2021 than ever before, as most businesses continue to operate remotely. Effective Crisis Comms is vital in a Cybersecurity Incident to mitigate against risks.

According to the National Cyber Security Centre, a cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity, authenticity or availability of a network or information system.

While organisations are aware of GDPR and have operational structures in place to deal with a data breach, what is often forgotten are clear communication processes, and how to effectively communicate incidents to stakeholders.

From data breaches and malware attacks to email phishing and ransomware, while cybersecurity incidents may vary, the same fundamental crisis communications principles still apply. Here are our top tips to ensure your comms outreach manages and minimises any fall-out, without adding more fuel to the fire.

‘Failing to prepare is to prepare to fail.’

cyber attack data breach securityYou should always plan for the worst case scenario. An issue can occur at any time, from data breaches, employee issues and product/service failure to security problems and cyber-scares. Creating a cyber and data incident response plan can help minimise your reputational risk.

Top Tip:

Prevention is the best cure. A clear plan is the first step in preparing for a crisis. Having a plan in place means you have a guideline for you and your team to follow, to manage the issue and minimise the risk. Your plan should include names and numbers of your crisis team, media statement templates and a list of relevant audiences to be communicated with.

Mind your stakeholders

In times of crisis, communicating with the media is critical but there are other audiences you need to consider.

These include:

  • Staff
  • Investors
  • Suppliers
  • Consumers
  • Trade unions

In cases of a personal data breach, according to the Data Protection Commission (DPC), controllers are obliged to communicate to the data subject a personal data breach, ‘without undue delay’, where that personal data breach is ‘likely to result in a high risk to the rights and freedoms of the natural person’.

However, often it is not just “high risk” cases that need to be communicated to stakeholders. Depending on the situation, regardless of the risk level, it can be best practice to let your stakeholders know what has occurred and that you are dealing with it promptly.

Top Tip:

Ensure your crisis plan has relevant names and contact details for your stakeholders. This will ensure you can communicate with them in a timely matter, should the need arise.

Spokespeople and media training

Only the company spokesperson should speak in front of the media. If other staff are approached by the media, they should have a pre-prepared response ready, directing enquiries to the relevant person. Ensure that all communications are channelled through your PR and crisis comms team to the appropriate people, to control the situation.

Top Tip:

Crisis or none, ensure that you work with your PR team on media training for spokespeople. Springboard Communications regularly works with clients to prepare for interviews, identifying the questions that may be asked and discussing the most appropriate answers to those questions. And remember never communicate anything to the media unless you know it is 100% true.

Mind your social media

In times of a crisis, make sure that the digital team quickly removes any scheduled posts and ensure that you have a plan of action ready for any anticipated queries that may come your way.

Top Tip:

It is essential that you have a very clear social media policy in your workplace at all times. Staff should always be aware of what is appropriate to say online, on both company and personal accounts.


To find out more about  how to put a crisis comms plan in place for your business, contact info@springboardcommunications.ie or explore our range services. 

Post by
Susie founded Springboard in 2011, and has developed the business into a leading, director-led communications agency. She has worked for over 20 years in senior marketing and public relations roles.

For more stories like this sign up for our Insights newsletter ›



Join the conversation



Put a spring in your step, and sign up below to receive our newsletter

Springboard PR & Marketing
CRO 529581

15 South Terrace, Cork, Ireland
+353 21 4969000

The Greenway Block C, Ardilaun Court,
112-114 St Stephen's Green, Dublin 2
+353 1 8829983