In a cyberattack, your primary networks may go dark. Learn why fallback communication channels are essential for crisis continuity, resilience and compliance with NIS2 and GDPR.
You created a foolproof crisis communication plan, you ran the simulations and tests, and you trained your teams to execute it smoothly. But what if a cyberattack takes out your corporate networks and messaging tools? Or if hackers target telecom service providers, compromising both their security and that of any platform that runs on them? This is why you need fallback and out of band communication channels for when disaster strikes and you need to collaborate and interact with stakeholders reliably and securely.
What is Fallback Communication?
Fallback communication is a strategy that uses alternate, secure and reliable channels or methods for collaborating when primary systems are compromised or inaccessible. A fallback communication channel usually operates out-of-band or completely independent of the primary infrastructure, which ensures that it remains available at all times.
A fallback messaging channel supports real-time or asynchronous collaboration and coordination to prevent communication blackouts during emergencies. It is important for enabling quick, seamless dissemination of information to stakeholders during a crisis. A fallback communication channel is much more than just a backup – it is a crucial emergency support system that helps maintain continuity, reduces misinformation, builds trust, and improves resilience.
Why Fallback Communication Matters During a Cyber Crisis
Let’s consider two significant cyber breaches that exposed the vulnerability to communication systems and emphasized the need of fallback channels.
- In October 2024, Salt Typhoon, a China-sponsored advanced persistent threat group successfully hacked US telecom providers including Verizon and AT&T.
- They accessed sensitive national security information and data pertaining to US citizens including political leaders.
- While the threat was quickly neutralized, it exposed serious vulnerabilities in core telecom infrastructure.
Consider a situation where you use one of these service providers to run your business communication network. A cyberattack like the Salt Typhoon one could pose a significant threat to the security, integrity and even availability of your crisis communication channels.
- In March 2025, senior members of the Trump administration added a journalist to a group chat on a Signal group chat where they discussed sensitive military operations.
- The incident exposed how senior government officials were using a consumer-grade, inadequately encrypted platform for top secret discussions.
- It also showed that no secure fallback channel was available once the group was compromised.
Hacks like Salt Typhoon or human error-led breaches like Signalgate are only two of the myriad cyber threats facing organizations today. There is a 50 percent surge in cyber threats across the world with a significant jump in ransomware attacks - 2289 reported incidents in just Q1 2025, marking a 126 percent increase from the same time period last year. Distributed Denial of Service (DDoS) attacks are also increasing – a 358 percent year on year increase in 2025.
Cyber incidents like ransomware or DDOS attacks or DNS shutdowns can severely disrupt your business networks and leave your teams unable to coordinate their response efforts.
- Ransomware attacks often target corporate networks and communication channels like email, Slack, MS Teams, and Zoom, locking teams out of these essential tools, and slowing down the mitigation effort.
- Data center attacks can isolate critical infrastructure including primary communication platforms.
- DNS shutdowns can disrupt communication flow by rendering websites and email systems inaccessible.
These situations can prevent your teams from responding quickly and effectively to the evolving incident. And the absence of a strong, verified response from official sources, can lead to misinformation, miscommunication, confusion. Eventually, this can erode customer trust, result in lapses in regulatory compliance, and severely impact corporate reputation.
Fallback, out-of-band communication systems that operate independent of corporate servers and mobile networks are invaluable during crises. They allow teams to continue to quickly and securely share information, update key stakeholders and coordinate resources to address the crisis.
Use Cases for Fallback Channels
CNI Emergency Operations- Critical National Infrastructure (power grids, water supplies, telecommunication) need to be able to respond quickly to a cyber threat to ensure business continuity and resilience. A ransomware or DDoS attack that shuts down their primary communication channels can have disastrous, and widespread consequences. For example, a cyber attack on a power grid can lead to large scale black outs, accidents, disruptions in essential services like transport and healthcare and even looting, and crime.
Fallback, out-of-band communication is essential for organizations in these sectors to maintain control when systems go dark. They allow teams to disseminate real-time responses quickly and without interruptions, safeguarding public safety and minimizing operational downtime.
Boardroom-level updates – Senior leadership’s involvement in a crisis management effort is essential for ensuring strategic decision making and securing customer and stakeholder trust. Board oversight of incident response efforts is also a regulatory requirement under the NIS2 Directive. Leadership teams need timely updates to assess risks, authorize responses, and communicate with key stakeholders. Fallback communication channels offer a secure environment away from compromised corporate networks where teams can apprise management of the situation and share sensitive information without fear of further breaches. Leaders can leverage a fallback platform to ensure transparent, coordinated messaging internally and externally to reassure stakeholders and minimize risk of misinformation.
IT / Incident drill simulations – Organizations are increasingly running regular cybersecurity incident drills to test the effectiveness of crisis management plans. This is essential for assessing weaknesses or gaps in the plan and ensuring that teams are aware of their roles and responsibilities. The use of fallback channels in these simulations is important for testing the company’s ability to maintain uninterrupted messaging when primary networks and systems are unavailable. This improves resilience, reduces response time, and enhances coordination during actual events.
What Makes a Fallback Tool Secure and Reliable?
A robust fallback communication tool must offer:
Federation & self-hosting: Federation enables seamless and secure interoperability across communication platforms and servers. It allows secure interactions between different organizations without compromising sensitive data. Self-hosting enables companies to operate their own communication infrastructure without relying on third-party providers. A platform like Wire ensures sovereign data control in line with data privacy laws in the EU and across the world. It is interoperable with secure platforms which helps avoid vendor lock-in and it also ensures cross-entity secure messaging.
Cross-device support: An emergency can hit an organization at any time, and escalate in minutes. Teams need to swiftly access secure fallback communication channels from wherever they are. This means that the channel must be accessible and offer a seamless experience across devices – mobile, desktop, tablets. A fallback tool that works across platforms guarantees continuous access to communication tools regardless of the user’s location or device.
End to end encryption – When it comes to secure crisis communication platforms, especially for critical service sectors, basic encryption efforts are not enough. Any conversations, or files shared on the channel must be encrypted at the sender’s end and decrypted only when they reach the intended recipient. It must be encrypted at rest, and in transit. And the platform must also ensure zero-trust, role-based access controls so unauthorized actors cannot retrieve any data even if they manage to hack it.
Local control: The system must be fully managed by your security team, not a public cloud service. The platform must offer local control or give organizations direct ownership of encryption keys and data. This reduces exposure to external breaches and also addresses regulations pertaining to third- party data storage. This makes it easier to implement access control rules, and store and access data for audits and incident reporting mandated by NIS2 and GDPR.
Conclusion
In today’s volatile risk landscape, fallback communication channels are an essential part of an enterprise’s resilience strategy. A robust, fully encrypted, and out-of-band communication platform will enable your teams to act quickly and confidently in an emergency.
Find out how you can build a secure, and reliable crisis communication framework for your organization. Download our whitepaper and take the next step towards cyber resilience.
