Ransomware and the rise of cyber-attacks in 2022

While high-profile cyber-attacks continue to hit the headlines, for every incident you see in the press, there are many more that – thanks to a good crisis communications response – never become public.

Our Crisis and Issues Management team has spent an awful lot of time working with companies to prepare for, respond to and rebuild reputations from ransomware attacks. Here they share some emerging trends.

Changing perceptions of ransomware

Ransomware attacks have become depressingly familiar to UK companies.

It is all too common for an organisation to discover all its computers are encrypted and the only file that will open is a ransom note left behind by hackers, demanding a payment in exchange for the decryption tool.

In the first seven months of the year, 85 percent of cases that we responded to involved ransomware and nearly 60 percent of the time data was stolen by the attackers. This adds a second extortion element – not only is a system encrypted and unavailable, but hackers are also threatening to leak the data they’ve stolen onto the dark web.

Every incident poses different challenges and, as these attacks have become more common, our communications approach has evolved. Certain sectors, particularly financial services and education, are developing a far greater understanding of cyber threats, so the word ‘ransomware’ is no longer such a scary concept. Honesty and transparency about an incident can generate goodwill or sympathy, as opposed to the panicked reactions from employees, clients or customers we saw a couple of years ago.

What hasn’t changed is the immediate demand for information from the people affected – either by operational disruption or because their information is now at risk. However, it is vital to first establish some fundamental facts about the incident. It is easy to damage relationships if you can’t answer basic questions about what happened and the potential impact. It is also important to understand how the incident could develop and avoid saying something that could later turn out to be wrong.

Evolving the communications

Ransomware groups are continuing to evolve, merge and rebrand.

As each group becomes more experienced, their tactics become more streamlined and sophisticated. This makes the communications response more complex. Phone calls to senior executives, emails to employees and contacting a company’s clients are all increasingly common tactics used by different ransomware groups to ramp up the pressure on an organisation.

Unfortunately, these new techniques aren’t likely to go away, so the typical communications response must evolve. Wherever possible, companies should make sure that their stakeholders hear about the incident from them, rather than through a third-party rumour or an unsubstantiated allegation. This communication must walk a fine line: being proactive and realistic, while avoiding being overly reassuring.

How we can help

Quick and effective communications can limit reputational exposure from a ransomware attack.

Preparation, such as creating a playbook with template communications materials and practising via a simulation in advance of an incident, helps organisations make sure they’re putting their best foot forward and presenting the right narrative to stakeholders.

As well as working with progressive organisations to prepare for incidents, we also have extensive experience in advising companies through the communications response process once an incident happens.

We work closely with legal and forensic teams to align communications to contractual, regulatory, and technical developments – as well as the primary goal of keeping customers, clients, staff, partners and other parties informed with the right information, at the right time.

Finally, after an incident, there can be considerable work to rebuild relationships and restore trust in the organisation. While this can be challenging, we are well versed in enhancing an organisation’s reputation and getting it back to where it was (or beyond) before the incident.

If you are interested in cyber preparation, incident response or reputation rebuild support, please get in touch with FleishmanHillard UK’s Issues and Crisis Management team at: [email protected]
