#TEISS17: What to tell the media after a cyber security breach -TEISS® : Cracking Cyber Security
IoT / #TEISS17: What to tell the media after a cyber security breach
22 December 2016
It is imperative that businesses hit by data breaches speak to the media – but they must avoid making excuses for cyber incidents, according to a communications expert.
Speaking to Business Reporter ahead of TEISS 2017, Media Mentor course director Paul Murricane said that becoming defensive is “the main mistake any business can make”.
He compared the effect of a data breach to the fallout of the financial crisis for banks – trust in the affected organisations fades and they must fight to win it back.
“The only reason to speak to the media is to rebuild trust,” he said, adding that any attempt to provide an explanation “will sound like an excuse”.
“What the public expect to happen is that organisation will clam up and say as little as possible. That suggests to them that they are hiding something. To show that you are trustworthy, you have got to signal to the public that you are communicating.”
Murricane explained that there are three things all organisations must do if they are breached. The first is to “establish clarity” and acknowledge that they are taking the public’s concerns seriously. The second is to “put the record straight” by sticking to some carefully chosen facts and refusing to accept any speculation by the media.
“There will be a lot of misinformation out there,” he said. “People believe everything they read online or see on social media and therefore you have got to put the record straight. You have got to only deal with the facts.”
The last thing that affected firms must do is to be clear about what action they are taking, even if the first instinct of many legal teams is to stay quiet.
“You must not come across as being paralysed by the situation,” Murricane said. “You do have to communicate, and if you phrase it in the right way you will not admit blame or guilt but you will position yourself as sorting it out – being part of the solution, not the problem.”
This might seem a lot to consider in the aftermath of a breach, but good planning – even down to the level of specific phrases for spokespeople to use – can help businesses to deal with an incident effectively and come out on top.
“Always remember that in a media interview, the questions aren’t that important. Your answers are important,” Murricane said.
See Paul Murricane speak alongside other industry experts at The European Information Security Summit 2017, taking place in London in February.