A crisis can hit an organization in a matter of minutes and cause significant damage if not addressed effectively. The true test of resilience lies in how well you can manage its impact, minimize damage, and recover. To do so organizations must be equipped with a clear action plan and be able to respond swiftly.
In this article, we will explore some of the key components of a robust incident response framework that will help you immediately action effective mitigation strategies.
What is a Crisis Communication Plan and Why Does It Matter?
A crisis communication plan is a strategic blueprint of all the tools and processes that a company must use to address emergencies. A robust roadmap can help you to respond quickly to an evolving situation and disseminate verified information to internal and external stakeholders.
Effective emergency coordination is also increasingly becoming a regulatory expectation. The European Union’s NIS2 Directive deals specifically with cybersecurity and mandates robust response and management protocols as part of the enterprise’s risk management blueprint. It requires organizations to maintain detailed records of incident response collaboration and assess their impact. Crisis communication is no longer a nice-to-have back-up approach; it is a vital piece of corporate strategy that determines its resilience and drives regulatory compliance.
Read more about how to achieve NIS2 Compliance.
The 5 Essentials Every Modern Crisis Communication Plan Must Include
The first 72 hours after a cyber incident are critical. Your framework must be comprehensive and outline the tools and protocols teams will use to address the situation.
1. Crisis Communications Team & Roles
Who within the organization will spearhead the response effort? Who will take charge of which tasks? Who will be the face of the company to external and internal audiences? These are critical questions to address early in the preparation stage.
- Create a cross functional response team who will be primarily responsible for coordinating during the emergency.
- The team must include the CEO, CISO, and heads of departments.
- It must also have representatives from departments like legal, IT, HR and Public Relations.
- Define roles for each member and assign specific responsibilities.
- Designate a team lead to oversee the response effort and a spokesperson for conveying timely updates to key stakeholders. This ensures coordinated efforts and accountability during incidents.
2. Communication Tree & Escalation Paths
Establish a clearly defined communication tree that specifies roles, channels, and how information should flow during a negative event. This includes:
- Secure channels and tools for coordinating a response
- Framework for drafting public response as well as internal information exchange
- Escalation paths for situations where initial efforts prove ineffective
Escalation paths ensure that appropriate resources and expertise are mobilized to address the crisis effectively:
- They qualify the conditions under which an event is to be escalated
- They include a clear chain of command and coordination protocols
3. Secure Messaging Tools & Fallback Channels
Emergency management, coordination and information sharing should never take place on unsecured channels and tools. As the SignalGate scandal demonstrated, consumer grade messaging apps pose serious security risks. Even many enterprise messaging platforms lack strong security features. A hack, a leak, or an unauthorized participant added to the group chat can exacerbate a bad situation. Encrypted, safe communication channels are also a regulatory requirement under the NIS2 Directive.
Protected messaging and coordination during an emergency require:
- Enterprise grade channels that ensure end-to-end encryption to protect files and information while in transit and at rest
- All correspondence – chats, group chats, video and audio calls, files and documents – should be encrypted at the source and decrypted only once it reaches the intended recipient
- This ensures that unauthorized individuals or hackers cannot access the data even if the platform were to be hacked.
- It should also operate on a no-trust architecture that continuously verifies users and enforces role-based access controls
- An easy-to-use tool with an intuitive interface can ensure quick adoption and help prevent the creation of a shadow IT with teams turning to unauthorized tools for convenience
- You also need fallback, out of band communication channels that can function independent of corporate networks
- They should even work asynchronously without relying on service providers who may be compromised
4. Pre-written Messaging Templates
Quick responses and updates are invaluable for reassuring stakeholders, ensuring there is no miscommunication or speculation, and maintaining trust. It is a good idea to templatize certain routine messages and holding statements to be used quickly during a crisis:
- Include key messages, clearly define who sends each message, identify the target audience, and specify the channels for dissemination
- Include directions for those seeking further information – a helpline number or a portal / channel that is updated regularly
- All message templates must be pre-approved by legal and Public Relations teams as well as the CEO to ensure consistent messaging and compliance
5. Simulation, Testing & Updates
You’ve done the work and created a robust crisis coordination strategy. But can you be sure it will work in practice and that all team members are well versed in their roles and duties?
- It is important to conduct regular simulations and tests to assess the effectiveness of the response, identify gaps, and update protocols accordingly
- Much like a fire drill, conduct a full run-through of all processes, test the tools and platforms
- This helps identify gaps in processes, inefficiencies, and areas for improvement, allowing you to revise the framework accordingly
- This proactive approach enhances preparedness and resilience
Common Pitfalls (and How to Avoid Them)
Inadequate Planning and Testing - Your response framework must be clear and unambiguous. Every team member needs to know their responsibilities. They should know the protocols and be able to easily access copies of the roadmap. Train them to use the tools available for coordinated response. Any gaps in planning will lead to delays, confusion, and miscommunication which only make the situation worse. Test all messaging channels regularly to ensure they are reliable and secure. Periodic simulations are critical to ensure smooth implementation.
Inappropriate Collaboration Channels - The Trump administration faced a serious security lapse in March 2024. Senior cabinet members inadvertently added a journalist to a Signal chat group where they discussed military operations. The journalist remained undetected, and was privy to sensitive information shared. Using consumer messaging apps like WhatsApp or Signal may be convenient but they have significant security gaps that can be exploited by malicious actors. Even many enterprise platforms have inadequate data protection measures in place. It is crucial to deploy fully encrypted channels that also enforce role-based access controls.
Difficult to use platforms – Effective emergency management demands quick response and seamless coordination. A highly secure but difficult to use channel will slow teams down. And they may turn to unauthorized consumer applications to collaborate. This creates the risk of further breaches which will only make the situation worse. Enterprise communication channels must be intuitive by design and allow users to quickly leverage them in an emergency.
Insufficient debrief and analysis – Crisis management efforts don’t end when the incident is resolved. It is crucial to conduct a detailed debrief of the situation and analyze the response effort. You must identify what worked well and what could be improved, and update the blueprint accordingly. Ensure that your messaging platform stores detailed logs and records for audit and regulatory submission.
Checklist: Audit Your Current Plan
Do you have a crisis communication plan in place already? Does it cover all the essential elements we have listed here? Map it against these questions to see how effective it is, and identify areas of improvement:
- Have you created a designated incident response team with defined roles?
- Is everyone on the team aware of their responsibilities? Have they received focused training on crisis management?
- Are hierarchies and escalation paths established?
- Are secure and fallback messaging tools in place?
- Is your messaging tool fully encrypted? Does it ensure role-based access?
- Are all team members familiar with the platform?
- Do pre-written, customizable, templates exist for various scenarios? Have they been approved by the relevant authorities?
- Is there a schedule for regular testing and strategy updates?
- Does the approach comply with relevant regulations, such as NIS2?
Know more about creating a robust crisis communication strategy.
Download Wire's whitepaper here.
