Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness.
“Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber at Hall & Wilcox, which helps companies with cyber incident management among other things.
Cyber preparedness should include a communication plan
Winokur’s advice is to err on the side of transparency, while ensuring accuracy when it comes to responding to a cyber incident. “Cyber is not just an IT risk. It really is an enterprise risk, and a key part of cyber preparedness includes a communication strategy within the organization and with external stakeholders.”