Media engagement during a cyber crisis
Dealing with cyber incidents, from accidental outages to ransomware attacks, is an unfortunate reality for modern businesses. When things go south, however, it’s not just IT that needs to respond but the comms team. While communications during a cyber crisis need to include and account for all relevant stakeholders, one party needs a dedicated approach – the media. We explored this at our event at the Churchill War Rooms alongside law firm Taylor Wessing and journalists Nick Huber and Beth Maundrill. You can read the full summary here, or stick around for a deep dive into how to handle media engagement during a cyber crisis.
Responding to a breach in the media
Trade and national journalists are tremendously influential, so it’s crucial that cyber attacks are clearly communicated to them. If, when and how the media reports on a cyber event greatly influence public, partner and customer perceptions. Managing the media during such an event requires skilled spokespeople, consistent and clear messaging and, ideally, existing relationships with journalists.
How do stories of cyber incidents break in the media?
When breaches hit the headlines, the sources that journalists rely on can vary greatly. These include official reports from companies or authorities, messages from customers alerting them of incidents, social media, or even company insiders. Reporters will naturally look to verify these reports if they haven’t come directly from an official channel.
Journalists are especially wary of trusting claims about attacks that come directly from hackers themselves. Beth explained that hackers often claim attacks on their website or via social media, and while these claims can be valid, they usually aren’t. Hackers might generate fake data and claim it is stolen to extort companies. They might also make false claims about an attack, such as claiming responsibility for an attack or outage that had nothing to do with them.
After all, hacking groups like ransomware gangs are their own businesses – they have employees, KPIs, and their own reputations to consider. Journalists, therefore, need to be highly sceptical of these claims and not always take them at face value.
Three rules of media engagement around a cyber incident
So, what advice did our journalists have for companies engaging with the media during a cyber crisis? Beth suggested looking at specialist security companies who have suffered a breach themselves for examples of best practices. For example, LastPass suffered a major incident at the end of 2022 involving the breach of customer data and its internal systems. In response, LastPass issued several updates as the situation unfolded, giving a full breakdown of what happened. Its report included what happened, what data was accessed, what actions it had taken, and advice and guidance about what customers needed to do to protect themselves.
Beyond this, the journalists outlined three things to bear in mind.
Be accurate: Don’t share information or updates that aren’t true, including unintentionally. If you are not entirely sure of the facts, sharing details with the media that could later be found to be untrue can damage your reputation more than not saying anything.
Add value: When you respond, you need to say something – don’t just make empty statements. Tell the media and, by extension, the public what’s happened, how you’re dealing with the issue, and who’s affected. Nick advised brands to “give the impression you’ve got it covered” and suggested doing so was far better than not doing anything: “Silence tells its own story.”
Don’t panic: Finally, our journalists advised that while organisations should take these events seriously, they shouldn’t panic. Most large organisations have suffered some kind of cyber breach or attack in their history. Nick argued that it’s not the ‘badge of shame’ that it was a decade ago. So, respond swiftly and concisely, but don’t panic and send the wrong information or message.
Proactively engaging with the media
During a cyber crisis, the goal is often to manage or minimise media coverage as much as possible. However, when it’s business-as-usual, PR is crucial for building brand awareness and establishing a voice in the market to help you stand out from your competitors.
We asked our guest journalists what they’re looking for during the daily news cycle and how best to secure coverage in trade and national media outlets.
What stories are cybersecurity media looking to cover?
When engaging with the media, it’s crucial to be aware of the current stories and broader trends being covered across the industry. Trade and national press have distinct needs, but both are likely to cover significant topics and high-profile cyberattacks. Trade journalists, however, tend to delve into more technical details and engage with a broader range of issues. When asked about the key cybersecurity trends and themes they are looking to cover in 2024, our journalists pointed to the following topics:
Artificial intelligence
AI has dominated the headlines since the end of 2022 with the launch of ChatGPT. While it has enormous significance across many sectors, it raises unique questions and concerns for cybersecurity. Nick and Beth described the massive influx of AI-related pitches they are now receiving and advised PRs to ensure they aren’t just adding to the noise. Nick explained how he was “getting sick of weak AI bandwagoning stories.” He instead wants to hear about tangible AI developments for security and defence, but is finding good case studies challenging to come by – certainly something to bear in mind!
Law enforcement takedowns
As global levels of cybercrime continue to ramp up, security and prevention solutions can only do so much to halt the tide. This is why governments and law enforcement agencies are becoming more proactive, collaborating internationally to track down bad actors and disrupt operations. Just weeks after the event took place, we saw one of the largest-scale takedowns, ‘Operation Cronos’, bring notorious ransomware group LockBit to its knees. Infosecurity Magazine’s writeup of the story featured commentary from several spokespeople across the industry – showing the value of ‘news hijacking’ or ‘issues jumping’ for breaking news stories.
Ransomware
Ransomware has been ubiquitous across the industry for several years. However, as Beth put it, it “really isn’t going anywhere.” Alongside breaking stories of ransomware attacks, journalists want to hear about new developments in attack and defence, stats, and research that quantifies threat levels and industry trends.
The Golden Rule
Above all, says Nick, journalists covering cyber are looking for the same things as journalists in any other sector. They’re looking for stories. They need the ‘so what?’ that captures the attention of readers and moves the conversation forward. New angles, new perspectives, and new updates are critical. Nick used the analogy of buying a brown leather jacket. You won’t be interested if you’ve just bought one and someone comes to sell you the same thing. Essentially, don’t try to sell the media something they already have.
What types of comments do journalists want on a breaking incident?
When distributing reactive commentary on a cyber incident, our journalists’ first piece of advice was to know your audience. Nick and Beth write for different audiences – national and trade – so are looking for different things. With trade media covering the industry for the industry, you can afford to get more technical, but with nationals, it’s better to keep it high-level and tailored to a general audience.
Either way, both agreed that as journalists writing for any outlet receive such a high volume of commentary around attacks, statements, and spokespeople must have something to add to the conversation. This starts with ensuring you’re putting the right spokesperson forward in the first place – job titles matter here. It also means your comments must add value and move the conversation forward. Provide context (what’s happened), expertise (what does it mean), and a healthy pinch of opinion (what’s likely to happen next?)
What makes a good spokesperson?
Finally, what are journalists looking for from spokespeople themselves? What separates a ‘good’ spokesperson from a ‘bad’ one? Nick says that most subject matter experts will have excellent knowledge of what they’re talking about, but that’s not always enough. The key is that they can communicate well about these topics and explain complex situations in simple terms, which is particularly important for national publications. Losing the jargon and providing relevant examples, anecdotes, or even metaphors can help spokespeople come across well and stick in the mind.
So there you have it. To learn more about reputation management during a cyber crisis, particularly for internal stakeholders including customers, partners and employees, be sure to check out our full debrief of the event. If you want to learn more about how Babel can help with media engagement year-round, get in touch info@babel.com!
Holly Abbott
Senior Campaign Manager
