- Cyber Resilience
- June 12, 2025
A Practical Guide to Crisis Communications in Cyber Incidents
What CNI, Finance, and Manufacturing leaders must get right when communicating during a cyber crisis.

Crisis Communications is one of the five core strands of our Incident Management Service (IMS).
It is a critical part of effective incident response and one that too often gets sidelined amidst the technical work of containment and recovery.
For sectors where trust, operational resilience, and regulatory expectations are paramount, how you communicate in the first hours and days of a cyber incident can shape the entire public narrative and preserve trust, or permanently damage it.
Essential Principles for Cyber Crisis Communications
Recent cyber incidents in the UK retail sector offer valuable lessons, many of which are highly relevant for organisations operating in essential services, financial systems, and industrial supply chains.
Drawing from these examples, here are five core principles to strengthen your crisis communications playbook:
1. Frame Defences as Continuous
Communicate that cyber defence is a (hopefully) ongoing priority:
“We continuously invest in cyber defences. Upon detecting this incident, we immediately activated our response protocols.”
2. Be Transparent About Data Exposure
Acknowledge risk clearly:
“Personal data was accessed. There is risk of misuse, and we are monitoring closely and taking action.”
3. Avoid Ambiguity
Use precise language:
“No full payment card details or passwords were accessed. Any partial data was encrypted and unusable for fraud.”
4. Enable Action
Empower customers with clear steps:
“We recommend vigilance. Please monitor accounts, check credit files, and report suspicious activity.”
5. Reference Trusted Sources
Directing customers only to your corporate website may not inspire trust. It would be better to also reference national authorities, law enforcement, or statutory cyber resilience centres and resources.
Building Crisis Communications into Your Cyber Incident Response Plan
Cyber incidents are as much a communications crisis as they are a technical one. For organisations delivering essential services, financial stability, and industrial resilience, trust is everything.
How clearly and credibly your leadership communicates during an incident directly impacts regulatory scrutiny, stakeholder confidence, and market trust.
That is why crisis communications must be integrated into incident response planning and practiced at the leadership level.
For further insight on building leadership-led cyber resilience, see Navigating Cyber Incident Response.
At NCD, we help clients refine these capabilities as part of our broader Incident Management Service because when a cyber crisis hits, words matter as much as actions.

Executive Director and Head of Global Incident Management @ Nihon Cyber Defence
With 30 years’ experience in law enforcement and the UK’s NCSC, Grant leads NCD’s global cyber incident management and response.