Is your team ready to respond to a cyber comms crisis?

Cyber incidents are a growing risk for organisations across all sectors in today’s digitally-connected landscape. Comms team must be prepared for the possibility of a malicious hack, an accidental leak, or a phishing attempt that could not only impact their organisation’s reputation and bottom line, but also the trust and safety of their stakeholders.

To help comms teams with readying a strategy, Vuelio’s latest webinar ‘Cyberattack Crisis Comms’ offered an overview of the dangers as well as practical pointers on how to plan a response.

Watch the webinar recording here.

Read on for insight and advice shared by Vuelio’s Head of Insights Amy Chappell and Comms & Content Manager P-J Boyd.

Cyber crisis: A growing problem for organisations, across every sector

This has been a summer of cyberattacks for the UK retail sector, with high-profile stories surrounding the bad fortunes of a number of high street brands. But cyber crime isn’t just a problem for retail.

It’s a problem for the Government. ‘The battlements are crumbling’ was the summary from Public Accounts Committee chairman Sir Geoffrey Clifton-Brown when speaking on findings from the ‘Government cyber resilience’ report, which estimated that outdated IT systems make up 28% of the public sector’s IT estate.

Cyber crisis is a risk for public bodies, with the London Borough of Hackney, Oxford City Council, and Glasgow City Council all experiencing their own crises over the last few years. And these dangers don’t just come from outside of organisations (as highlighted by reporting around the Afghanistan Response Route – and what led to the need for its creation) – accidental leaks from within teams are also a possibility, and can lead to real danger.

Speaking to Panorama for its recent ‘Fighting Cyber Criminals’ report, Jamie MacColl from the Royal United Services Institute predicted that ‘‘If [cyber crime] continues on its current trajectory, there is probably the risk of a national emergency incident at some point’.

The National Crime Agency’s Suzanne Grimmer also had sobering words for organisations without a cyber crisis plan in place, warning that 2025 will be ‘the worst on record for ransomware attacks in the UK’.

To highlight the increasing risk, and the growing concern among the press and public, Vuelio tracked mentions of cybersecurity attacks in online news, on social media, and on Google Search over the last year:

As to be expected, the media, social media, and Google Trends lines all mirror each other — especially during high-profile incidents. Together, they indicate how visible this topic is across both public and press spheres.

Google Trends data can signpost whether an issue has broken through to mainstream public interest, and all three indicators sharply rose around the time of the UK retail cyber incidents. The message for comms teams is clear – a topic can move from a niche concern to a national talking point quickly… and that’s when your response needs to be ready, visible, and consistent.

And crises can spread. What we’ve seen repeatedly this year is that when one organisation experiences a cyberattack, the ripple effects often extend far beyond them.

We call this crisis contagion — not because the breach itself spreads, but because the fear of it does. Once a high-profile attack hits the headlines, media coverage quickly shifts from what happened to that company to what this means for everyone else like them. In Co-op’s cyber incident media coverage, M&S was name-checked in over 70% of articles — partly because M&S was the first victim and was referenced for context, but also because journalists were already telling the wider story.

It’s a pattern the Vuelio Insights team has tracked repeatedly in media analysis: one incident quickly becomes the lens through which an entire sector is examined.

And this has big implications for comms. Even if your organisation hasn’t experienced a breach, you might still be expected to comment, to proactively reassure, or to explain what protections you have in place.

This is where monitoring matters. Knowing what’s being said about your sector — and whether you’re being mentioned by association — helps you respond before a narrative takes shape without you.

What does the media want now, and which comms approaches are working?

When working on the Vuelio report ‘Retail cyberattacks & the UK press reaction’ back in May of this year, we found that over 70 requests related to cyberattacks and cybersecurity had been sent to comms people via the ResponseSource Journalist Enquiry Service since April. Interest in the topic has only grown—since the start of June, over 300 cybersecurity-related requests have been submitted by UK journalists researching stories.

Where the cyber crisis story sparked interest and press coverage in the national press, and business and technology trade titles earlier this summer, it has since been picked up by a variety of sector-specific outlets – from HR to maritime, travel and logistics to consumer lifestyle. The media will continue to care about this story, as will the public, and your stakeholders.

BBC Breakfast also featured one of the impacted organisations recently, inviting Co-op’s group CEO Shirine Khoury-Haq onto the sofa. Following write-ups showed that the interview struck the right tone: calm, transparent, and focused on both customer reassurance and action.

Here, Co-op was shown to be transparent, available to the media, and consistent with messaging — three qualities that our analysis shows make a big difference in the recovery phase of a crisis. This helped the organisation move the narrative forward, from ‘what went wrong’ to ‘how we’re responding’ — a transition that doesn’t happen on its own. It is driven by leadership and comms working in sync.

Comms checklist for a cyber crisis

1. Create a Cyber Crisis Comms Team
Define everyone’s roles and responsibilities in the event of a cyber crisis, and empower them with the information and tools they’ll need to do their job. You might not have a full team, you might be the only PR person at your organisation – make sure you have what you need before a problem arises.

2. Ready your assets
Press releases, spokespeople, and media lists – have templates ready to go, and know which sectors of the media your stakeholders will be paying attention to.

We have seen plenty of examples where press coverage has not only been neutralised when assets are easy to use and readily available, but also where publications engaged with tend to report more positively.

3. Assess crisis metrics that will work best in the heat of the moment
Which metrics are you regularly reporting on that your internal stakeholders will understand? And which metrics are relevant in a crisis, helping you contextualise coverage and, importantly, understand how the issue is playing out across the media landscape?

Set up a crisis coverage dashboard in advance to be able to quickly track coverage spread, tone, messages and social reaction as the story unfolds.

4. Keep your different stakeholders front of mind
One approach won’t work for everyone. Pre-segment your stakeholders and make sure your strategy will work for all of them.

Want more on mapping your stakeholders? Check out our previous webinar on building a stakeholder playbook and this downloadable guide.

5. Monitor for potential crisis
Track media and sentiment around competitors, regulators, and critical partners. Contagion risk is real — especially if your sector is being discussed as a whole.

6. Take a proactive approach to the press
Remember just how quickly journalists need to get their stories out – monitor how quotes are being picked up and make sure journalists that utilise LLMs aren’t using them incorrectly, or spreading misinformation with your spokesperson’s name attached.

7. Consider collaborations with other organisations working towards a more cyber-secure future
Like Co-op partnering with The Hacking Games – this can help to build back trust, highlight proactivity, and fight against a future of cyber crime.

8. Assess whether to proactively communicate your cybersecurity position
You may want to consider whether your organisation should proactively speak about cyber security, instead of waiting for a breach to talk about your commitment to it. With consumer trust low, transparency builds credibility – not with technical jargon, but with clear, confident messaging that shows leadership.

Get prepared: Extra homework for comms teams

It’s not all doom and gloom – there are plenty of resources to help you tool up for a potential cyber crisis.

– Check out the National Cyber Security Centre’s cyber essential scheme and get your organisation certified.
– Take notes from the NCSC’s ‘Guidance on effective communications in a cyber incident’
– Test your team on its readiness for a crisis – organisations like the PRCA, CIPR, and Polpeo offer crisis simulations and extra training.
– Monitor for potential issues before they arise: Knowing what’s being said about your sector — and whether you’re being mentioned by association — helps you respond before a narrative takes shape without you. Make the most of media monitoring solutions and media intelligence at your disposal.

Check out more Vuelio webinars for the PR and comms, public affairs, political, and media industries here.