By: Gareth Lloyd, Cyber Security team
When cyber hackers aim the crosshairs at any high-flying corporation, it never takes long for the frantic “Mayday!” call to reach newsrooms.
Cyber attacks are a big deal for publications because they fill column inches like any natural disaster or political scandal. Hacks treat journalists to not one, not two, but three stories: A trio of chapters belonging to a bigger narrative that unfolds over days, weeks, months or even years.
The newscycle of any data breach never halts at the first headline. There is always wider public interest in the motives behind the attack, followed by an inquiry into the fortunes of the company in question (and its stakeholders).
For businesses rattled by ransomware, the novel-like lifespan of a cyber hack can feel like prolonged agony - with the firm suffering reputational damage on top of financial harm. But understanding the newscycle of a hack empowers businesses to implement the correct PR strategy at the pertinent moments - mitigating the overall harm, managing expectations, and ultimately rescuing a brand name from being dragged through the mud.
Here’s how the three-part story typically develops…
Chapter One: Breaking News
The most jarring moment for a business isn’t always the hack itself - but the media attention that arrives hot on its heels.
Sometimes, news of an infiltrated system will be leaked to journalists. On other occasions, a member of the public will report visiting an infected site, or receiving a spam email. Hackers themselves have also been known to shout about their handiwork across social media platforms before the media have even had a chance to discover it.
As the headlines leave a breached company in hot water, crisis management teams, both internal and from PR agencies, are summoned into action. Damage limitation is required here - as affected companies are flooded with further enquiries from journalists hungry for more information. Honesty, integrity and cool-headedness are required to make it through the storm.
This first step of the newscycle is often the one that travels furthest, with some publications moving on to other stories when the initial furor dies down (particularly if the breach is only partially successful or shut down at the first attempt).
But in most instances, journalists will want to dive deeper - writing another chapter that explores why the hack occurred and what this will mean for the business.
Chapter Two: Reflection and Analysis
After a company is brought to its knees, everyone begins to ask the question: How did this happen?
Hiding the attack from the public is immoral and even illegal - but an immediate, panicked, divulge-it-all statement containing too many details can cause just as many problems.
For example, new laws issued by the Securities and Exchange Commission in the USA require any company hit by a cyber attack to report it within 96 hours - or risk further punishment at the hands of the government. However, this has led to backlash from cyber experts - who have pointed out that it can take far longer than four days to truly understand what the breach has done, how it has impacted the business and what the ramifications will be. Rushing to announce an attack to the wider world could - in theory - cause more harm than good, as it may expose a vulnerability in software that others could exploit.
Effective PR is necessary in these instances to determine which details need to be disclosed publicly and which still require further consideration. Those affected by any data leak, for example, need to be told. But publishing details of the access points that hackers used to open the door is akin to copying a bunch of keys for more cyber burglars to target other firms.
Chapter Three: Recovery and Impact
Once the worst is over, the cyber attack story moves on to how a wounded business is going to find a way to return to action.
Often, the recovery process can take much longer than anticipated. Take the example of The British Library - a seemingly odd target for hackers but proof that absolutely everyone is at risk - which is still gingerly attempting to restore itself to full fitness following a breach way back in November 2023. A statement on the official website admits that “disruption to certain services is expected to persist for several months”.
It is during this phase that institutions need to make a decision about what they are going to say to journalists about their recovery and what the true impact on their consumers has been. Again, executing the right PR approach in these instances is vital - and in every case it is valuable for businesses to consider two key questions: What did we learn? What can be done to stop this from happening again?
Every breach is different. Some are performed for monetary gain, others just to prove a point.
But most cyber experts continue to endorse the same ideology: Don’t wait for a hack to happen, act like you already have a target on your back, and exercise the utmost caution with regard to access and security.
Assuming the worst can often result in the best-case scenario should a hack occur. And if the cybersecurity thought leaders are to be believed, it almost certainly will hit your business at some point soon.