How to PR your way through a cyber-attack

New research from UK-based internet service provider, Beaming, has uncovered that cyber-attacks on UK businesses have increased by 30% in the first quarter in 2020, compared to the same period in 2019.

It is too early to tell just how much the Covid-19 pandemic has contributed to this rising statistic, but evidence would suggest it has. Italy, one of the countries most affected by the virus at the beginning of the outbreak, saw a spike in attempted cyber-attacks at the same time as the Covid-19 outbreak, notably targeting employees who had started working remotely.

Cynet, a leading cybersecurity technology firm who specialise in breach protection, ran some research which revealed that in March 2019 just over 20 cases of phishing were reported in Italy, whilst between 15th February – 15th March of this year, over 70 cases have already been recorded.

Switching focus back onto the UK, we’ve seen two of the biggest businesses on the block taken down by cyber-attacks in just the last week alone. First, Elexon who control Britain’s energy system fell victim to an attack – thankfully, the key system used to govern the electricity market wasn’t affected.

Whilst just last week, easyJet admitted that they were hacked in January and travel details of nine million customers were stolen, which included over two thousand customers who also had their credit card details “accessed”.

There’s no questioning it, cyber-attacks are on the rise. Maintaining your reputation during a pandemic like this is crucial, so, when it comes to an unsuspecting business who finds themselves a victim of an attack , possibly with a data breach, how can they make sure that a crisis doesn’t turn into a PR disaster?

We’ve taken a look at five key focus points that should be at the heart of your crisis communication strategy, if you do find yourself in this position.

Swift response

As soon as you’re positive that your company has been attacked, time is of the essence to communicate what you know with your customers. Even if at the time you don’t have all the details, you still need to let your customers know that you are aware and monitoring the situation.

This will help maintain trust with customers and help to quash any rumours or untrue stories emerging on social media or in the press. And although consumers might be disgruntled and worried about their data, in the long run they will appreciate you being upfront with them.


Identify within your business who are going to be your key spokespeople. Where possible, the response should be fronted by the most senior figure – a CEO or Founder – who has always been the face of the business, to maintain consistency and demonstrate strong leadership and responsibility. Do ensure however that they fully understand the situation completely before putting them forward for interview.

Whether it is one spokesperson or, as can sometimes be the case, a whole team of people who are being thrusted into the media spotlight to answer questions,, make sure they have all been correctly briefed beforehand and they understand what they should and shouldn’t be saying. One further point on this is that if you have multiple spokespeople, make sure they are all united in what they are saying in their responses – consistency is key.


Regardless of how the attack was allowed to happen, as a business you must clearly demonstrate sympathy and support towards your customers.

Whether you are making a statement on TV, radio or on your businesses’ social media channels, it’s an opportunity to show your customers that you value their privacy and are concerned about how the data breach took place, and will do everything you can to make the situation right. Make a commitment to finding out how it happened and make it a priority to improve security so that it cannot happen again.


In 2020 it is so easy to share content and communicate updates with your consumers and the public. There really isn’t an excuse as to why you can’t keep your consumers informed throughout the process. Don’t just use one channel to communicate your message though, make sure to use all the social channels you normally would, to ensure your message is seen by more of your audience regardless of how they usually interact with your business. Ensure what’s on your social media channels regarding the attack and your response is communicated on your website, and vice versa.

Learn from the past

Finally, once your crisis is over, it’s imperative that you reflect on it and how it was handled. Were you communicating quickly and clearly enough? How did your customers react to your statements? Are there any details you should have shared earlier or differently? In reviewing what happened, you can create a pre-emptive crisis communications plan to future-proof yourself, so that everything is in place to react quickly and smoothly if a new crisis does occur.  This plan should include things like: a ‘chain of command’ regarding who communicates what and who needs to approve content before it’s released publicly, template crisis statements that you can tweak to fit the specific situation, an FAQ document, and any other potential scenarios that could arise.

Would you like to talk through your media relations crisis strategy with an industry expert? Get in touch today to find out more how we can prepare you for the worst.

Get in touch with the team