
Cybersecurity Extends Beyond the IT Department

10.12.22 | by iQ Staff
Communications, Crisis Communications, PR

Technology is always changing. We’ve updated this article to reflect the latest best practices. (Originally published on October 14, 2020.)

The U.S. Department of Homeland Security and the National Cybersecurity Alliance have designated October as National Cybersecurity Awareness Month, and cybersecurity is currently top of mind for companies spanning virtually every industry. Unfortunately, communicators know that when it comes to data compromises, it isn’t a matter of “if” but “when.” It is never too early to think about how your company will communicate both internally and externally in the event of a breach.

A recent survey queried business owners and IT professionals about their 2022 cybersecurity plans, priorities, and budgets. Findings include:

  • Only 50% of U.S. businesses have a cybersecurity plan in place
  • Of those, 32% haven’t changed their cybersecurity plan since the pandemic forced remote and hybrid operations
  • The most common causes of cyberattacks are malware (22%) and phishing (20%)
  • Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022

Cybersecurity communications often gets lumped in with crisis communications given the urgent nature of a breach and the heightened potential for high-profile reputational risk. However, when a company is compromised from a cybersecurity standpoint, the communications team will likely need to engage with an entirely different universe of players and may need to trigger additional protocols.

 


Think through your cybersecurity communications strategy in advance. Use your existing crisis communications approach as a base, and layer on a cybersecurity-breach framework with the additional details. Keep the following in mind when tackling your cybersecurity communications preparedness plan:

 

Potential Scenarios

Sit down with your CISO (chief information security officer) or CSO (chief security officer) and discuss the possible scenarios that pose a threat to your company. Think through each possible threat and identify the internal and external audiences who will be impacted. Whose data was compromised? Your colleagues on the technology side (led by your CTO) might already make it a practice to run through these scenarios to test their systems infrastructure. If possible, get a seat at the table for the next drill to become more familiar with the teams and the protocols.

 

Legal Obligations

A cyberattack could trigger a host of disclosure protocols that the communications department will not fully understand without talking to the legal department. Does law enforcement need to be notified? Is it a ransomware attack, and can the criminals be tracked? Is the breach part of a larger campaign being perpetrated globally? What are the guidelines in terms of public disclosures? What is the timeframe for notifying customers during an investigation? Think through these questions now because when the breach is upon you, some actions will have to occur immediately.

 

Tech-savvy Spokespeople

Cybersecurity attacks could merit positioning spokespeople who are not typically the face of the company in a crisis. The CISO may be better suited to field technical questions and concerns about the future security of the company than the CEO. Or, it may be best to utilize both the CEO and the CISO depending on the media outlet and the gravity of the situation. Prepare spokespeople in advance who can address the technical security questions. This means formal media training, and also engaging in low-stakes practice interviews as often and as early as possible. You don’t want the spokesperson’s first interview to be the one where everything is on the line.

 

Vendor Relationships

It is likely that your company’s threat management, detection, and response initiatives are bolstered by a team of vendors behind the scenes. Be aware of these entities and how they work with the technology experts at your company. It is likely that these vendors will be major players when something goes wrong, and you’ll need to understand the relationships and, in some cases, have a point of contact there to coordinate and clarify messaging for internal and external communications.

 

Conclusion

A solid cybersecurity communications strategy is one of the most important weapons you have to deal with an attack. Be prepared by taking your crisis communications plan and training to the next level. Be knowledgeable about the players and protocols to stay one step ahead of the inevitable data breach.
