How Communication Shapes the Outcome of Cybersecurity Incidents
Why the timing and transparency of messaging can make or break your incident response
Cyber intrusions are no longer a matter of “if” but “when.” As organizations build stronger defenses and response teams, one critical and often underestimated element remains: communication. How a company communicates during a cybersecurity incident can either strengthen its reputation or amplify the damage. Over time, people tend to remember how events made them feel, rather than the specific details of what happened. This is why, when handled poorly, the communication response to an incident can have more lasting consequences than the breach itself.
Why Communication is Crucial
A cybersecurity incident is not just a technical issue—it has business, legal, and reputational impacts. The speed, tone, transparency, and accuracy of an organization’s communication can influence customer trust, market confidence, regulatory scrutiny, legal exposure, and media coverage.
Instinctively, communications teams may want to shy away from disclosing an incident because of some of the impacts above. However, customers, employees, investors, regulators, and the media all want answers. They are quick to recognize when companies lack transparency and are less tolerant of misleading responses than ever before.
Handled well, communication can preserve relationships and reduce long-term damage. If mismanaged, it can lead to confusion, regulatory fines, and a lasting hit to reputation. When an incident affects the broader supply chain, delayed or vague messaging can hinder response efforts across partner organizations—potentially putting their customers at risk as well.
What to Say:
When it comes to communication during a cybersecurity incident, clarity and honesty are paramount. Here are some considerations:
Acknowledge
In a hypothetical scenario where a threat actor is publicly threatening to leak data they claim was stolen from your company, issuing a statement along the lines of, “We are actively investigating claims of a breach” is better than silence or an outright denial. This shows awareness and initiative.
Be Transparent
Share verified information, not guesses. If the breach is under investigation, say so. Let stakeholders know that updates will follow as facts emerge.
Show Empathy
If customer data may be compromised, express genuine concern. People want to know that your organization takes security and data privacy seriously.
Outline Actions
If possible, detail what’s being done to contain the breach, what steps are being taken to protect affected individuals, and how the company is cooperating with investigators or regulators.
Provide Guidance
If users need to reset passwords, monitor accounts, or take other actions, communicate this clearly. Make it easier for customers to find additional information or access help.
What Not to Say:
Missteps in communication can worsen the fallout. Here’s what to avoid:
Downplaying or Denying the Incident
Attempts to minimize the breach or delay disclosure often backfire. The truth will likely come out, and when it does, it erodes trust.
Absolute Statements
Avoid absolute statements such as, “No data was accessed” unless you’re absolutely certain. Cyber forensics can take time, and premature conclusions can lead to retractions.
Blaming Others
Avoid pointing fingers, whether it’s a vendor or threat actor. Focus first on containment and recovery.
Technical Jargon
Your stakeholders may not be familiar with certain terms like “zero-day exploit.” Use plain language that people without a cybersecurity background can understand.
Timing Matters
Timing is a delicate balance. Waiting too long can look like a cover-up; moving too fast risks sharing information that could open your organization or others to further compromise. As soon as possible, it’s best to acknowledge if an investigation is underway. As the investigation continues, you can share facts, outline response efforts, and offer support channels for those affected. Providing regular updates helps keep customers in the loop, even just to reaffirm that the investigation is ongoing. After the incident, it may be wise to communicate lessons learned and highlight security improvements.
Final Thoughts
As the dust settles from a cyber incident, communication is one of your most powerful tools. It's not just about managing a message—it's about maintaining trust, demonstrating leadership, and showcasing accountability. The best crisis communication plans are proactive, practiced, and part of your broader incident response strategy. Organizations that get it right understand that in the face of a cybersecurity crisis, people remember how you responded just as much as what happened.