Full Service Marketing for Higher Education, Health Care & B2B Marketing


After a Cyberattack: Communication Best Practices

Bill Stamats

Share On  

It’s a common refrain in the world of cybersecurity: There are only two types of organizations: those that have been hacked and those that don’t know it yet. While that thought is unsettling, there are steps everyone can take to both minimize the risk of cyberattack and mitigate the damage.

In my previous post, I interviewed Bill Barthel, Stamats Technical Integration Manager. Bill shared tactics schools can employ to increase data security and decrease risk of cyberattack. In this follow-up post, I’d like to dig a little deeper and explore how organizations of all types can communicate sincerely and succinctly when a data breach happens.

Though presented in the context of a cyberattack, the best practices outlined below can apply to any crisis communication strategy. Consider these tips a starting point for developing an effective communication plan that can protect your organization, clients, and brand.

Managing a Security Breach: Communication Best Practices

Follow State Notification Protocols

Firstly, each state has its own laws about who must be alerted in the event of a cyberattack (government agencies, individuals impacted, etc.). Know the data breach notification laws in your state and follow all protocols for the type of breach you’ve experienced.


In challenging moments, unity matters more than ever. Bring organizational leaders together and encourage everyone to echo the same message both internally and externally.

Additionally, funnel all information through a single point of contact (ideally, an experienced staff member who’s already serving as media liaison or communication lead). Remember: Messaging should be authentic, timely, and consistent.

Be as Transparent as Possible

Criminal activity thrives in darkness. Help demystify cyberattacks by shining a light on your experience.

Though some details may need to be withheld as part of an investigation, share what you can honestly and directly. Remember: Communication needs will vary for internal and external audiences. If you’re unsure about what you can/can’t communicate, consult a data security professional.

Offer Solutions

Data breaches can impact operations immediately and indefinitely. Offer solutions to those you serve. What short-term workarounds can you offer? What services can be provided while systems are offline?

If the breach has put personal data at risk, consider providing employees and clients with free credit monitoring or other identity protection services.


Turn the situation into an educational opportunity—for your own organization and for others. In general terms, explain how your teams are working to prevent future breaches and what others can do to minimize the threat of security incidents.

Start a Dialogue

Finally, cyberattacks are a universal threat. Use your organization’s experience as an opportunity to raise awareness and start a larger, solutions-focused conversation. Chiefly, engage clients, partners, security experts, and the media as you talk about the source of the breach and examine proven security strategies others can use.

From audience research to strategic messaging, Stamats can help you communicate clearly, intentionally, and far more successfully. Email us to learn more about our wide range of communication services.

Ready to Get Started?

Reach out to us to talk about your strategy and goals.

Email Us