• Home
  • /Learn
  • /Post-Cyberattack Communication Plan for CISOs
background image


Post-Cyberattack Communication Plan for CISOs


As technology advances and more people join networks worldwide, the possibility of cyberattacks rises exponentially. The Global Cybercrime Statistics report states that in terms of monthly victims, the United Kingdom is number one with the most cases, followed by America.

Effective communication between CISOs and other team members is paramount when it comes to making informed decisions during a cyber incident. Although crafting an effective communications plan falls outside the direct scope of the CISO, it plays an immensely important role in cybersecurity preparedness. To ensure smooth communication post-cyberattack, CISOs should take proactive steps beforehand to ensure their teams are well-equipped for any potential incidents.

What is a post-cyber incident communication plan?

Cybersecurity incidents require careful coordination between in-house security professionals, an incident response team, and various external and internal stakeholders. Post-cyber incident communication can be verbal or app-based communication between different team members to contain the attack and respond to the threat. Although taking care of communication (through distinct channels) does not come under the purview of CISO, recent incidents have led security professionals and top business executives to believe that CISOs should consider post-cyber-attack communication in their planning.

Preparation against cyber incidents must include appropriate communication 

Communication is an essential part of exhibiting exemplary cyber preparedness. If a corporation experiences any attack, the security team must implement their incident response plan immediately and efficiently. This necessitates having proper communication procedures in place as a fundamental piece of one's incident response strategy; thus, CISOs must integrate suitable communication management into the plan for maximum effectiveness.

Eden Winokur, head of cyber at Hall & Wilcox, says, "Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs."

He added, "Cyber is not just an IT risk. It is an enterprise risk, and a key part of cyber preparedness includes a communication strategy within the organization and with external stakeholders."

Since cyber incidents can pose severe damage to the enterprise, it is critical to engage with the right people, at the right time, who have thorough experience in dealing with cyberattacks. Bringing in experts to help help companies understand the implications of their communications and how the public or the media will receive certain things can be beneficial.

How communication support system is beneficial

After a cyberattack, businesses must ensure that their communication plan is comprehensive in order to communicate with different operational units and external teams smoothly. To help you prepare for such an eventuality, here are some of the operational units you may need to contact post-cyberattack.

  1. Contacting an outsourced Incident Response firm: Enterprises should immediately contact the third-party incident response firm chosen ahead of time to mitigate the issue.

  2. Contacting Cyber-insurance Company: The next company that should be contacted is the chosen Cyber Liability Insurance company (if applicable). Businesses can request advice on how to move forward. This will enable them to ascertain their insurance coverage, especially when accident costs amount to millions of dollars.

  3. Forensics teams: Enterprises often hire or outsource all forensics work to a third party. Some of the services they offer include analyzing compromised systems, restoring lost data, and helping enterprises understand how the attack happened in the first place.

  4. Communication to different stakeholders: Businesses have to ensure that their communication with all external bodies is clear, transparent and timely. Companies should share important information about the incident with customers and partners but must avoid revealing confidential information.

  5. Communication with customers, the media and other stakeholders: Keep the public informed with up-to-date information

  6. Cybersecurity firms: Once the breach or attack is over and systems are back up and running, it is crucial to reach out to a penetration testing company like Packetlabs to run a comprehensive pentest to identify all vulnerabilities so future attacks can be acoided.


Post-cyber attack communication is an integral part of successful incident response. It is vitally important that the necessary stakeholders are contacted promptly and effectively while still adhering to security protocols. This will enable organizations to promote positive public relations and gain customer and stakeholder trust. CISOs should ensure that post-cyber attack communication management is an integral part of their incident response plan to ensure the company's reputation remains secure.

Sign up for our newsletter

Get the latest blog posts in your inbox biweekly!