Cybersecurity remains a major topic worldwide. Around 600 million cyberattacks are carried out worldwide every day, doubling compared to 2023 according to Microsoft’s annual report. The number of cybercriminal activities is also increasing in Belgium.
While many companies and governments are committed to protecting their IT systems, employees often remain the weakest link. Hackers regularly target private devices of key individuals to gain access to sensitive information or critical systems. A common tactic is email spoofing, where attackers use a fake email address to send messages that appear to come from trusted individuals.
To illustrate the seriousness of these issues, cybersecurity company Cyberwolf conducted research into the vulnerability of CEOs of companies in the Bel20 index. What did it reveal? A whopping 70 percent of these CEOs are at risk of such attacks. But what if you are faced with data leaks? How do you communicate this news effectively both internally and externally? Our expert Evi Coune shares five tips.
1. Communicate quickly
Although the approach may vary depending on the situation, the rule is: break bad news yourself, preferably as soon as possible, even if you don’t have all the details yet. Let them know that you are investigating the data breach or cyber attack and that you will keep everyone involved informed of the latest developments. This way, you keep control of the story and prevent others from speculating themselves.
2. Be transparent
When communicating, don’t sugarcoat the issue. Clearly explain what happened, what data may have been leaked, such as personal data, and what steps you are taking to fix the situation. You don’t have to reveal every technical detail, but the people involved should know what they are getting into. So, share information that is relevant to them.
Avoid speculation, as ambiguity can lead to more panic or misunderstandings. Transparency ensures that you control the narrative and do not risk others filling in the story for you.
3. Gather the troops
Make sure to involve your IT team, legal colleagues, and outside experts when going public with information. This will ensure you’re sharing the correct facts and avoid miscommunication. It’s important to get everyone on the same page before you go public with the news so you don’t make unintentional mistakes or provide information that needs to be corrected later.
Additionally, you must report the data breach to the appropriate authorities , such as the police. By reporting a cybercrime to your local police station, you are taking the first step in the official process. Local police work with the Regional and Federal Computer Crime Units (RCCU and FCCU), which specialize in combating computer crime. By contacting the appropriate authority, you ensure that the incident is thoroughly investigated, and the appropriate steps are taken to limit the damage.
4. Empathy takes you a long way
Show understanding for the concerns of your employees, customers and partners. A data breach can create a lot of uncertainty, and it is important that you acknowledge these feelings. Apologize for the impact and, most importantly, explain what steps you are taking to prevent a recurrence. It is not enough to just say you are sorry; be specific about how you are addressing the situation and what measures you are implementing to prevent future incidents. This will not only help you restore trust but also show that you are taking responsibility.
5. Evaluate and adjust your tactics
After the data breach, it is important to reflect: what went well and what could have been improved? Take the time to evaluate the entire process so that you can learn from what happened. Use these insights to improve your crisis plan and ensure that your team is well prepared for the future. Regular training keeps your employees sharp and ready to act quickly if necessary.
If the hack happens to a CEO or other key figure, focus extra on cybersecurity awareness among management. They need to know how to protect themselves online but also understand why a strong cybersecurity policy is crucial for the entire company. Prepare your leaders well, so you reduce the chance of a successful attack in the future.
From crisis to control
Data breaches often come unexpectedly, but with the right preparation and a well-considered communication strategy, you will be much stronger. Responding quickly, communicating transparently and showing empathy are important building blocks for maintaining trust and limiting reputational damage. Anyone who also takes the time to adjust afterwards will emerge from a cyber crisis with more knowledge and a stronger plan.
Do you want to better arm your organization against cyber incidents? We are happy to help you move forward. Whether it concerns ad-hoc support during a crisis, drawing up a crisis communication plan with detailed scenarios, crisis media training or simulation exercises: we ensure that you stand firm when every second counts. Contact us and let experienced crisis experts guide you.
