Five Golden Rules for handling a cyber-attack

Wednesday 17th May

Cyber attacks were headline news this weekend as the NHS was crippled by a Ransomware attack. So what should do you do if your organisation is hacked? Ellie Riddles explains Pagefield’s five golden rules for handing a cyber attack…


On Friday, news broke that the NHS and multiple organisations across the world were victims of a large-scale cyber-attack, which crippled 60 NHS trusts across England, Wales and Scotland and has caused ongoing disruption including cancelled operations and patients being turned away from hospitals. The NHS is one of a growing number of organisations who have been subject to a large-scale cyber-attack in recent years. One of the most high profile victims to date is TalkTalk, who in 2015 had sensitive data of 156,000 customers stolen, causing the company to lose £60m in revenue and over 100,000 customers as a result.

With so much at stake both cases demonstrate the importance of being prepared for a cyber-attack – not only from an operational perspective but in terms of communications. While tactics deployed hackers and the severity of an attack can differ significantly, below are Pagefield’s five golden rules for organisations to live by ahead of, during and after a cyber-attack.

  1. Prepare, Prepare, Prepare

This is the first and most important rule. Never presume that ‘it won’t happen to us’ and plan accordingly. Attacks vary significantly in terms of size and impact and often affect different people related to your business (such as customers, staff, shareholders) in different ways so plan for a range of scenarios.

For this process, it’s imperative to involve people from all aspects of the business. A cyber-attack will impact IT, HR, marketing and the senior executive team so all should be present and input into the communications planning process and ensure that procedures and statements are understood across the organisation.

  1. Work quickly to understand the scale of the problem

Unlike other traditional crises that affect organisations, an added challenge with cyber-attacks is that information about the full extent of the damage done may not be available for days, or even weeks. Indeed, the NHS is still battling against the Ransomware software that held its IT systems hostage five days after the attack happened. Working within these challenging confines it is crucial that you push internally for a full understanding of the problem as quickly as possible.

The worst-case scenario for an organisation is saying ‘you’ve identified and fixed the issue’ for it to turn out that the attack affected more people than initially communicated. This would impact your reputation in the long term so make sure you know what is going on at all times and be crystal clear on the facts before going public.

  1. Be transparent

With an ever-constant media spotlight and live-news being tweeted every second of the day, businesses can no longer sweep a cyber-attack under the carpet and neither should they.

It’s crucial to be transparent and take ownership of the issue at hand. This will help prevent others filling the news-void with fabricated details of the attack or customer complaints.

Finally, don’t forget you own staff. They are often contacted by media who are digging for inside information so it’s important that everyone, from the receptionist to CEO, understands the company response and adheres to it.

  1. Ensure your spokespeople are briefed and strike the right tone

Your spokespeople are the mouthpiece for your organisation. Their tone needs to be jargon-free, genuine and human. Whether they are apologising or explaining the situation, it’s important to avoid sounding like your statement has been written by lawyers.

Choosing your spokesperson is an important consideration which needs to be judged carefully. During the TalkTalk attack, some commentators admired the leadership of Dido Harding, the group’s chief executive, while others labelled her as a “lamb put to slaughter” because she repeatedly quoted incorrect figures in interviews. This undoubtedly shook customers trust in TalkTalk’s ability to accurately explain what had happened and fix the problem.

Depending on the severity of the situation IT staff, who are closer to the technical details of attacks, can also be a sensible option for a spokesperson. Putting forward your chief executive should, generally speaking, be reserved for a severe attack when customers are affected. Whoever you use speed of response is key – he or she must be on hand very quickly to take control of the situation and show your organisation is on the front foot.

  1. Don’t panic

Finally, don’t panic. Whilst a cyber-attack crisis is undoubtedly stressful, staying calm is crucial to handling the issue in the correct manner. As these types of attacks increase in prevalence, make sure you have a plan in place and be ready to enact it – after all you could be the next organisation to get hit.

Pagefield offers crisis scenario training for organisations as part of our Pagefield Academy. To find out more information, click here.

Related News & Insight