‘Cyber crisis is a completely different animal’: Advice on planning a cyber secure comms strategy
‘The thing to remember: it’s not a normal crisis’ – that’s Joanne Gill’s advice for comms teams. And Joanne would know: her organisation Cyber Crisis Readiness & Response is geared towards helping comms teams who are faced with cyber security crises.
And in today’s climate of increased danger, every comms team is at risk. Any organisation with an internet connection could be subject to a cyber attack, a data leak, or a deep fake of its C-suite. According to the Panorama report ‘Fighting Cyber Criminals’, there were an estimated 19,000 ransomware attacks on UK businesses in 2024, and that number is only set to grow.
‘You have to have a separate part of your crisis comms plan, a separate process, a separate mind map. Don’t fall back on your usual muscle memory, because it’s not going to work for you,’ adds Joanne, who equips organisations across the UK with the confidence to withstand and recover from the dangers of a cyberattack.
Read on for what to learn from recent crises that hit the headlines; practical steps for getting started on your plan; and where comms can get particularly complicated…
Lessons to learn from the 2025 summer of cyberattacks
‘All comms teams need to be prepared for something like this to happen to them, and other organisations in their sector. Identify stakeholders, have statements that are ready to go,’ advises Joanne.

‘The key thing that’s different with a cyber crisis is, how do you actually distribute that? If all of your systems are down (for example, M&S had to revert to pen and paper), how do you distribute your statement to journalists?
‘There’s that added complication of having a distribution list that is not attached to a system which might go down. Ask yourself – do I know how I’m going to contact people? Where am I keeping that information? If I’ve got a crisis communication plan, do I have a paper copy of that? Do the people who are involved in that have a paper copy of it? And how are we going to communicate and actually do our jobs, get approvals for things that we put out when our systems are all down?’
Cyber crisis versus crisis
‘The additional element with a cyber crisis is that you need to be a good corporate citizen. With a cyber crisis, you’re not the sole victim. Your suppliers are potentially victims – it’s going to cost them money, one way or another.
‘All the usual things that you would do in a crisis need to be considered – how do we shore up the reputation of the company? How do we reassure people? How do we say sorry? But you also need to look at how to be a good corporate citizen, preventing further harm to all of the people who are in your business ecosystem.
‘That is about communicating with CISOs (Chief Information Security Officers), telling them what the solution is to this problem, and how they can prevent contagion to their own systems. You’ve got a whole load of communication that has to happen before anybody even thinks about what to say to the media.
‘The media isn’t going to drive how a company recovers. That’s going to be how you deal with your stakeholders – the media is just a route to communicate with those stakeholders.
‘A cyber crisis is a different animal to other crises.’
Practical steps for planning your response
‘Ensure that you have those stakeholder distribution lists and that you’ve done some analysis in advance about who you need to communicate with, and what to do if all your systems are down.
‘Make sure that you’ve got all of the suppliers, all of your ecosystems, chief executive security officer details so that you can contact them, so your technical people can write to them. And that’s very different messaging to that of reassuring your customers.
‘It’s about segmenting, making sure that you’ve got that information available outside of your usual systems.’
CEO statements: Always a solid comms strategy?
‘As a comms team, you know whether your chief exec is somebody that you want to put forward – it’s what companies traditionally do for crisis comms. You do the media training, emphasising the need to be apologetic, to be empathetic.
‘But I don’t know… the other element with cyber issues is that the more content you have of your senior team in the public domain, the more opportunity there is for criminals to use AI deep fake tech. To do some social engineering, and then use that to get access to your systems. Nobody is going to argue with the CEO if they call a help desk in the middle of the night and say “reset my password”.’
Extra complications to consider
‘It’s so complicated because you’ve got things like GDPR, there are potential fines coming further down the line. Cyber crisis is a multi-layered, complicated thing.
‘Comms teams who come into this thinking that it’s going to be like a regular crisis will come unstuck very quickly.’
For more on planning your strategy, watch Vuelio’s webinar ‘Cyberattack Crisis Comms’, or read our overview of the key points covered here.


