When a cyberattack strikes, it often compromises the very systems organisations depend on to coordinate their response. Email servers may be encrypted, monitored, or entirely inaccessible. Employee contact directories—typically stored within the compromised network—can vanish at the moment they’re needed most.
This breakdown creates a dangerous communication vacuum, delaying incident response and increasing the risk of misinformation, confusion, and operational paralysis. Follow this guidance to help mitigate some of these challenges:
Effective crisis communication demands options beyond the default toolset. To stay connected when core systems fail, resilience teams should establish redundant, out-of-band communication capabilities. Consider the following methods:
1. External Staff Information Portals
A cloud-hosted, externally managed staff webpage can serve as a trusted, always-on source of guidance during a cyber incident. It should offer real-time updates, FAQs, and role-specific instructions—accessible from any device. Crucially, it must reside outside the organisation’s compromised infrastructure.
2. Secure Emergency Hotlines
Pre-established toll-free numbers can provide either recorded updates or direct lines to designated response personnel. These Hotlines should be protected with access codes and included in staff training materials. While they rely on staff to initiate contact, they are invaluable when digital systems are untrusted or offline.
3. Call Trees for Structured Escalation
Call tree frameworks allow structured, manual information dissemination through designated contacts at each level of the organisation. When configured in advance and kept up to date, they enable scalable outreach without overwhelming individual channels or people.
4. SMS Alerts and Secure Messaging Apps
When mobile numbers are available, SMS via a mass notification platform provides rapid reach. Secure messaging apps -like Sentinel PiNG - with end-to-end encryption can also be used—provided they are vetted, tested, and adopted organisation-wide in advance. Staff must be trained to recognise legitimate alerts to mitigate the risk of social engineering during crises.
Disclosing the right amount of information at the right time is a strategic challenge. Oversharing can amplify panic or expose exploitable details, while insufficient communication may erode trust or hinder coordinated response. Organisations must communicate clearly on what’s affected, what staff should do, and what support is available—without compromising security or situational control.
The success of any cyber crisis communication strategy hinges on preparation. CISOs and resilience leaders should ensure the following are in place:
In a ransomware event or major cyberattack, communication is both a tactical necessity and a strategic asset. Organisations that prepare alternate channels, train staff, and rehearse crisis protocols will respond faster, reduce confusion, and maintain operational control.
Ultimately, resilient communication upholds business continuity, protects stakeholder trust, and reinforces the organisation’s capacity to weather even the most disruptive incidents.