At the end of last year, we hosted a Cyber Byte webinar focused on cyber attack crisis communications, exploring how organisations can prepare for, respond to and recover from a cyber incident. During the session, we were joined by David Gaffney, Senior Partner at Charlotte Street Partners, who shared practical insights based on supporting organisations through real, high-pressure situations.

A recurring theme throughout the discussion was that while cyber incidents are often technical in nature, the reputational impact is shaped by communication. What an organisation says, when it says it, and how consistently it communicates can all influence stakeholder trust long after the incident itself.

Preparation before a cyber attack

Effective crisis communication begins well before an incident occurs. David highlighted the importance of having a clear but proportionate approach to preparation: understanding likely risks, identifying key stakeholders, and agreeing decision-making roles in advance.

This level of preparation doesn’t need to be complex or time-consuming, and it isn’t limited to large organisations. Even small teams benefit from having a basic communications plan that can be activated quickly, helping to reduce uncertainty when pressure is high. Senior leadership and board-level involvement were also identified as important factors in ensuring plans are realistic and can be implemented without delay.

Communicating during a live incident

When a cyber incident is unfolding, organisations often face difficult decisions with incomplete information. One of the most common challenges discussed was the temptation to delay communication until all the facts are known. The session reinforced that early, clear acknowledgement of an issue – even if details are limited – is often better than silence.

Social media was highlighted as a space where misinformation can spread quickly, but also as a channel that can be used to provide consistent updates if managed well. Close coordination between communications, legal and technical teams is essential to avoid mixed messages and unnecessary delays during this phase.

Recovery and rebuilding trust

Recovery doesn’t stop once systems are restored or headlines move on. Continued communication, internal engagement and visible learning all play a role in rebuilding confidence. Employees were highlighted as a key audience during recovery, as they are often trusted sources of information both internally and externally.

While no organisation would choose to experience a cyber incident, the session explored how a clear, transparent response and meaningful improvement can support long-term reputation and trust.

External Support

Many of the themes discussed during the webinar reflect what we see when organisations contact us during a cyber incident. Having access to the right support at the right time can make a significant difference to both response and recovery. Based on the session, organisations should consider the following practical steps:

  • Prepare a general holding statement and a simple crisis communications plan.
  • Establish a dedicated crisis communications team, with clear roles and decision-making authority.
  • Define communication channels ahead of time, including backup options if primary systems are unavailable.
  • Focus on transparency, speed and accuracy to help control the narrative.
  • Use clear, simple language and avoid technical jargon.
  • Provide regular updates, even if there is no new information, to maintain trust.
  • Identify and train spokespeople to handle media enquiries and communicate clearly with internal and external audiences.
  • Maintain a single source of truth for updates to avoid conflicting messages internally and externally.
  • Keep a record of decisions and communications during an incident to support review, learning and accountability.
  • Build crisis communications into incident response exercises so teams are familiar with pressures before a real event.

If your organisation experiences a cyber incident, our free Incident Response Helpline is available on 0800 1670 623, offering immediate advice and guidance.

We’re also running a special membership offer in January 2026 for new members: 15 months for the price of 12 for small and medium organisations. Membership provides access to practical resources, expert support and guidance designed to help organisations prepare for and respond effectively to cyber threats. More information can be found in our community section here, or get in touch with Abby Hilson in our team at [email protected].