Bez kategorii

Cyberattack is a PR crisis: how to manage communication during data breaches

Explore the shift in hackers' targets from financial data to communication systems, and the critical role of PR in managing the fallout of these cyberattacks.

Zaktualizowano: 2025-11-19

When Hackers Attack Communication

Traditionally, cyberattacks were an issue for IT and security teams. Today, hackers have discovered something more valuable than financial data: communication systems. In the past year, 40% of attacks on companies targeted PR and communication systems directly—to maximize reputational damage.

In the first quarter of 2025, the UK recorded 769 cyberattacks out of a total of 3,081 security incidents. However, the numbers don’t tell the whole story—they show a strategic shift. Instead of stealing bank data (which may be insured), hackers now seek emails, internal documents, and investor communications to expose publicly.

IBM’s study indicates that during a cybersecurity crisis, PR and security teams often remain in conflict. PR pushes for fast, transparent communication, while security prefers to keep cards close to the chest to buy time for investigations. This tension can cost companies thousands of negative media reports.

The Golden Period Rule: 72 Hours Are Critical

When a data breach occurs, the first 72 hours are crucial. Why? Because how the incident is perceived in the following years depends on the narrative told during those first three days.

FTI Strategic Communications analyzed 150 cybersecurity crises between 2020 and 2025. The findings showed: companies that issued a full press release within 24 hours experienced on average 40% less negative media coverage in the month following the incident.

Companies that waited more than 72 hours allowed the media to shape their own narrative—usually one of confusion and cover-up, rather than decisive action.

Case Study: When Communication Saves a Company

In 2024, a large global retail chain experienced a data breach affecting 45 million customers. Within 18 hours (faster than the legally required 72 hours), it issued a detailed statement explaining:

  • What happened (type of data)
  • When it was discovered (exact date)
  • What immediate actions were taken
  • What customers can do (practical advice)

The result? Shares dropped only 3% on the first day—while in similar cases without rapid communication, drops ranged from 15–20%.

In contrast, another chain waited five days before issuing a statement. By then, media coverage focused on the “mysterious silence.” Even when the truth was finally revealed, the narrative was: “the company is hiding the truth about the breach.” Shares fell by 28%.

Communication Challenges: What to Say and What to Avoid

The Chambers and Partners guide on cybersecurity crises shows that PR teams must balance three competing goals:

1. Transparency for the media – The media want concrete numbers. How many customers were affected? What data was exposed? What risks do they face?

2. Security – don’t disclose attack vectors – Although the media demand details, revealing the method of attack can help other hackers.

3. Legal protection – avoid admitting fault – Admitting responsibility can be PR beneficial but may be used against the company in legal proceedings.

This requires collaboration between PR, legal teams, and security. PR News emphasizes that the best companies already have a crisis communication plan prepared—not created on the fly during a crisis.

Practical Steps for PR Agencies

For PR advisors, preparing for a cyberattack means:

Before the incident:

  • Build relationships with key IT and security industry journalists
  • Prepare a press release template (with fillable fields)
  • Identify all stakeholder groups (customers, investors, employees, regulators)
  • Develop communication plans for each group

During the incident:

  • Send the first statement within 4–6 hours, even if it’s only a confirmation of the incident
  • Provide daily updates (if new information emerges) or confirm none is available
  • Prepare media materials (factsheets, bios, interview availability)

After the incident:

  • Communicate remedial actions (over months or years)
  • Report to regulatory bodies as required
  • Security Magazine points out that ongoing security communication shifts the narrative from “we were attacked” to “we are learning and becoming safer.”

Building Trust After a Breach

The toughest phase for PR is post-breach—when trust must be rebuilt. Effective is consistent communication across multiple channels—press releases, customer emails, blog posts, social media, interviews.

Companies that manage this well can even turn a cyberattack into an opportunity to showcase their values—transparency, security, and empathy.

Udostępnij: