
How to control the narrative during a cybersecurity breach
In a cyber crisis, speed matters. But it's not just how fast you patch systems – it's how quickly and credibly you communicate. UK organisations have made massive investments in cybersecurity over the past five years, yet many still treat crisis communications as an afterthought. That gap can be reputationally catastrophic.
Cyber threats are no longer hypothetical. From NHS supply chain attacks to financial data leaks in the fintech sector, breaches now hit headlines before the IT team finishes its initial triage. And when customers, regulators and shareholders are watching, silence can be as damaging as the breach itself.
That's why leading organisations are turning to strategic partners like Impact PR to pre-build cyber comms frameworks that activate instantly when reputational risks spike. The Auckland-based PR agency is staffed by award-winning journalists who support brands across the UK, ANZ, and Asia-Pacific with high-pressure media strategy and crisis messaging.
So what does a best-practice response look like from a communications perspective? And how can CISOs work more effectively with their PR and legal teams to stay in control of the narrative?
Here are 8 key principles drawn from our work supporting UK and ANZ-based organisations during live cyber incidents.
1. Build your comms framework before the breach
You wouldn't roll out a new endpoint solution without testing. Comms should be no different. Every incident response plan (IRP) needs a dedicated communications track:
- Identify primary and secondary spokespeople
- Draft holding statements for key breach scenarios
- Pre-map internal and external notification protocols
- Establish legal approval and escalation flowcharts
Don't assume you'll have time to write messaging under pressure. You won't.
2. Speak early, even without all the facts
The first few hours are critical. Your first public response doesn't need full technical details – it needs leadership.
That initial statement should:
- Confirm awareness of the incident
- Express concern for affected stakeholders
- Share steps being taken (e.g. containment, investigation)
- Commit to updates within a clear timeframe
If you stay silent, others will fill the void – and not in your favour.
3. Keep legal involved, but not in control
Legal and PR need to work as partners, not opponents. Communications must meet UK GDPR and FCA obligations, but should still sound human. Over-lawyered statements erode trust.
Smart organisations create dual-approval tracks: one for legal compliance, and one for message clarity.
4. Brief internal teams before going public
Leaks often come from inside. If employees aren't properly informed, they may post speculative content on social media or confuse customers.
Align your teams by:
- Issuing an internal memo before public release
- Providing Q&As and scripts to customer-facing staff
- Making clear who is authorised to speak externally
The tone you set internally reflects how you show up externally.
5. Choose spokespeople with EQ, not just IQ
A cyber crisis isn't the time to debut a nervous executive in front of the media. Choose spokespeople who can stay calm, speak plainly, and show empathy.
Train them to:
- Avoid defensive language
- Handle aggressive media questioning
- Balance technical depth with audience understanding
Media training shouldn't be optional. It's business continuity.
6. Monitor media and social channels in real time
Your comms team needs active intelligence, not just inbound press queries. During a breach, assign someone to track:
- Media mentions and sentiment
- Hashtags related to the incident or brand
- Emerging misinformation or data leaks
Platforms like Google Alerts are useful here. Real-time insight informs real-time response.
7. Tailor your channel strategy
Not everyone reads press releases. Depending on your audience mix, use:
- Email updates for clients and partners
- Website banners for service outages
- LinkedIn posts for professional credibility
- Twitter/X for fast public updates
Consistency across channels is crucial. Don't say one thing to media and another to customers.
8. Review and improve after every incident
Once the crisis ends, your learning begins. Hold a multi-team post-mortem and ask:
- What worked in our messaging flow?
- Were stakeholders kept informed?
- Did our legal and comms teams collaborate well?
Update your playbook with clear next steps and assign owners. Don't just write a report – change something.
Why UK businesses must think proactively
The UK regulatory environment is tightening. With mandatory breach reporting under UK GDPR and the increasing scrutiny from Ofcom, ICO, and FCA, the reputational cost of a slow or tone-deaf response is higher than ever.
Equally, the public mood is shifting. Customers are unforgiving of brands that appear evasive or indifferent. Trust is earned in how you show up when things go wrong.
The good news? A strong communications strategy is just as deployable as a firewall.
"Too many firms treat PR like a fire extinguisher, only to be broken out when the flames are already high. In reality, it should be part of the wiring." - Mark Devlin, Impact PR
At Impact PR, we work with UK and global brands to pre-build messaging strategies that help leaders respond decisively in high-pressure moments.
About the Author
Mark Devlin is Managing Director of Impact PR, a New Zealand-based crisis communications agency with clients in the UK, ANZ, and Asia-Pacific. He has advised finance, healthcare, and tech firms on managing reputation during live cyber incidents.