Hackers claim they have breached a large company and stolen millions of sensitive files. The victim initially stays silent, then denies any breach. Journalists receive evidence confirming the hack, yet the tech company insists it is not as it appears. Onlookers are confused and suspicious: is the company justified, or merely stalling?

Days later, the company emails customers with a vaguely worded confirmation of a data breach, lacking details. The message downplays the incident using ambiguous technical language to soften the admission. The company assures users it is nothing to worry about, but concerns persist. Was this a notifiable breach? Is my data affected? Answers should be straightforward, yet in many real-world cases, they are elusive.

Welcome to a world where truth collapses under disinformation, hearsay, and claims and counterclaims. Nobody knows what to believe, which might be the point. However, evasion and denial carry costs.

Playing for Time
From the breach report to acceptance, two weeks elapsed, leaving customers uninformed and at risk. Attackers exploited stolen data freely . Speculation wasted time, and social media amplified reputational damage. This imaginary example is a blueprint for poor cyber incident handling. Suffering an attack is not failure, but denying it has occurred against all evidence, then admitting it later, erodes trust long-term. What can organisations learn to improve their responses?

Breach Response Playbook: A Guide to Smart Communication
Cyber attacks burden today’s digital economy. As organisations move their operations online, this offers numerous opportunities for criminals to breach their infrastructure, which is one of the key reasons why cyber crime is surging today. Criminals gain more targets, fuelling cyber crime growth. Defending through continuous monitoring and state-of-the-art security tools is vital, but preparing for breaches and knowing obligations is equally important.

Here are best practices for managing and communicating cyber attacks:

Transparency is Paramount
Transparency builds trust. Communicate clearly and promptly if a breach is suspected or confirmed. While not all information can be publicly shared, it’s best to let shareholders and customers know upon breach discovery, especially if they could be impacted.

Don’t Deny Unless Absolutely Certain
Avoid blanket denials unless 100% sure no breach occurred. Premature denials damage credibility, undermine security perceptions, and expose stakeholders. Often, it is better to stay silent until understood, or state that claims are being seriously investigated.

Run Forensics to Understand Scope
Running effective forensics quickly is essential, as this is critical to understand how attackers got in, what they touched, if they are still present on the network and what needs to be done to mitigate their access.

Inform Regulators
Understand the regulatory requirements for reporting personal data breaches for all the regions the business operates in. In the UK, it’s essential to report personal data breaches to the ICO within 72 hours; failure invites fines and added costs.

Have Well-Rehearsed Incident Response Plans
Maintain rehearsed plans for response, recovery, and service resumption. These should allow service disruptions if needed, with technologies configured for worst-case scenarios and strong detection.

Provide Informative Updates
Provide timely, accurate updates to customers, partners and investors. Don’t leave stakeholders guessing and always ensure the information provided is applicable to the audience it’s being delivered to. Consumers don’t always need to understand the technicalities or how a breach unfolded and technical jargon will confuse them. Ensure communications are regular, informative and stamp out misinformation and speculation, which can cause reputational damage.

Document Everything
Document every action taken during the breach response. This helps with regulatory reviews, internal audits and post-incident analysis.

Learn for Future Survival
After the incident is resolved, conduct a post-mortem review. Identify what went wrong, what worked and how your security and response strategies can be improved. Assess successes, improvements, and strategy changes. Lessons learned should be holistic, not just negative-focused.

Cyber attacks are a reality in our connected world, offering criminals more vulnerabilities to exploit. Yet a breach need not be disastrous. Those delaying, denying, or deflecting face lasting consequences. Remember, breach response affects the long term beyond initial crisis. While public attention fades, effects linger. A breach is bad news but a weak response worsens it. Organisations that respond swiftly, honestly and strategically will emerge stronger.