January 2, 2020

A cyber security crisis plan is a smart New Year’s resolution

By Chris Forrest

As communications professionals begin a new year, inspired by resolutions to produce more engaging content or perhaps reinvigorate their approach to customer or employee engagement, it’s also a perfect time to take a good hard look at our vulnerabilities and exposure in today’s digital world.

What’s the plan if your website is held hostage? How will you communicate effectively with your customers and stakeholders if your social channels are hacked? What’s your response protocol if your supposedly secure customer data is accessed and shared with the public?

The state of cyber security in 2020

The capabilities and sophistication of cyber hackers only continues to increase – with devastating impacts to brand trust, costly ransoms paid out, and lawsuits for negligence and breach of privacy. In 2019 we saw continued and escalating attacks and exposures: Facebook had more than 540 million user IDs, account names, likes and comments exposed on a publicly accessible server; 200 million Epic Games Fortnite user accounts were accessed; the records of 15 million Lifelabs customers were compromised; First American Financial saw as many as 885 million files related to mortgages exposed; and the list goes on – from hospitals to department stores and government institutions.

It goes without saying that every organization should have a crisis communications plan in place that is regularly updated and rehearsed with senior leadership, but current trends warrant the addition of a special section on cyber security breaches. Agricultural and agri-food companies are particularly vulnerable as they often deal with sensitive customer data spread across remote branch offices and complex supply chains comprising dozens of stakeholders.

With respect to customer data and confidential business information, a cyber security breach is a specific type of crisis situation that requires immediate and professional communications management with support from IT experts. When properly managed, the impact from a crisis can be greatly mitigated and the duration of its lifespan significantly shortened. More importantly, crisis preparation and risk mitigation provide an opportunity for organizations to demonstrate leadership in protecting customer and business data.

Take the necessary steps to avoid a crisis

Your employees and partners should have a clear picture of their role in preventing a cyber or data breach – that includes proper password management, understanding when to flag suspicious communications to IT, and methods for sharing sensitive information. Ensure these policies are included in employee handbooks and refreshed with employees often to reduce vulnerabilities.

While you can work to lower your risk, we understand that breaches happen, and it is far better to have a detailed plan in place than to be left scrambling when a crisis does strike.

Developing a crisis communications plan

A cyber security crisis communication plan clearly outlines the roles, responsibilities and response protocol that will guide corporate action in the event of a cyber or data crisis situation. This unique area of crisis response requires close collaboration between your organization’s IT experts and their security vendors.

A cyber crisis plan should outline the following:

  • Audit of potential vulnerabilities and crisis scenarios (risk review and mitigation)
  • Roles and responsibilities of the crisis management team
  • Key audiences and stakeholders
  • Response protocol to route communications before, during and after a crisis event
  • Channels for communication
  • Sample holding statements
  • Platform for annual training, testing and review


As with any type of crisis that threatens an organization’s reputation, the guiding principles in the event of a cyber security breach should be to:

  • Respond immediately and efficiently to mitigate impact
  • Communicate all facts as early and as clearly as possible to all stakeholders
  • Ensure the safety of data that is held in our trust
  • Deploy all necessary resources to ensure the continuation of business activity
  • Be open, accountable and accessible at all times

As hackers and malware continue to seek new victims, those responsible for organizational communications should dust off the crisis communications plan to ensure it includes special attention to cyber-related incidents. Trust and reputation are invaluable in the corporate world. While we can’t always control whether we are targeted by those with malicious intent, we can determine how quickly and professionally we respond.

Need help with your crisis communications?

AdFarm communications specialists have successfully managed dozens of high-stakes crises in the agriculture and agri-food industry and regularly train companies in crisis management and response. Talk to Chris for more information on how you can make sure your company is prepared for the worst.