This blog is provided by the IPR Organizational Communication Research Center

How do organizations get in contact with clients and staff during a cyber-attack? And how do they keep up urgent operations? We know from research and practice that one of the main challenges during a cyber-attack is the loss of internal and external communication systems (such as phone-system, Systems Applications and Products (SAP), e-mail, intranet) and internal coordination among staff. Taking the risk of cyber-attacks into account, organizations need to be well prepared and to have the right IT system back-up to prevent an attack, but also need to know how to deal with communication when experiencing a total breakdown of all systems and communication. Professional communicators play a vital role in this area.

Fear of Cyber Attacks
Fear of cyberattacks is constantly increasing all over the world. In Denmark, fear among citizens has increased from 45% in 2017 to 57% in 2022 (Danish Emergency Management Agency, 2022). Cyber-attacks and terrorism are a top concern! This high awareness is related to the level of threats; Many organizations have already experienced data breaches or cyber-attacks, or they know about attacks on other organizations. In a huge cyber-attack on June 27, 2017, more than 230,000 computers in 150 countries were hit by the ransomware virus, PETYA. It caused a total breakdown of all administrative systems and communication in the attacked international firms, such as Maersk, FedEx, etc., and created chaos (Frandsen & Johansen, 2020).

Communication Professionals and Cyber-Attack Concerns
Cyber-attacks and problems with cyber-security have become a new normal. According to the European Communication Survey (ECM) 2020 (Zerfass et al., 2020), one of the major concerns of communication departments and agencies in the field of cyber-security is that «cyber criminals could hack their website and/or social media accounts, and close down their digital infrastructure.» In fact, 6 out of 10 practitioners confirm the relevance of cyber-security for their daily work in communication departments, and more than half of the communication professionals studied in the ECM in 2020 had already experienced attacks.

Internal Crisis Communication
Studies on internal communication during crises show that there is a huge need for creating sense and understanding of the situation and dealing with the strong emotional reactions among staff during a crisis (Frandsen & Johansen, 2011, Johansen et al., 2012). In such situations, both managers and employees are central communicators. Managers need to communicate, set directions, and listen to employees, as they may come up with expert solutions. However, when it comes to a total breakdown of communication and all administrative systems during cyber-attacks, how can organizations deal with employee needs?

Challenges and Key Learnings about Attacks
From our research (Frandsen & Johansen, 2017) and various case studies conducted in Denmark and the United States, we have learned about ways to deal with the loss of IT and communication systems during an attack among private companies (e.g., energy, financial companies) and public sector organizations (e.g., hospitals) (Stowman et al., 2022).

During a cyber-attack, the Crisis Management Team (CMT) will of course have to deal with the cyber criminals, the virus, and key IT aspects. However, in this blog post we will focus on the communication systems:

Improvisation and resilience
During a cyber-attack, improvisation and resilience are keywords. Improvisation is essential to uphold operations and communication with central stakeholders, and you need to rely on resilience: i.e., the capability of staff to find right solutions and to be ready for needed changes.

Next, it is important to get a first overview of which parts and to what extent the communication systems are hit by the attack, and to prioritize urgent needs for communication among key stakeholders. Thus, it is important for the CMT to quickly establish contact to each location of the organization. Not all staff (or external stakeholders) may have the same needs for communication during an attack. For instance, people in the production vs. people within sales and logistics may have different needs for communication as not all systems are necessarily hit to the same extent. Knowing the needs will make it easier to handle them correctly and efficiently.

Alternative communication channels

Staff and external stakeholders quickly learn that an attack is going on, and they start communicating and searching for information. Can we fulfill our orders? Thus, decisions about communication toward staff, clients, partners, supply chain, and distribution should be made quickly to inform staff on how to proceed to keep up, if possible.

For external communication, mail accounts beyond the company network must be established, and additional communication may be conducted via alternative channels such as social media (e.g., Facebook or LinkedIn), private phones, or networks, in addition to the regular communication system of the organization.

For internal communication, WhatsApp or other cloud-based solutions have proven to be reasonable alternatives to share necessary information and files, as well as to assure quick, reliable, and secure communication with all employees (Stowman et al., 2022, Hawkins, 2017).

During crises there is an urgent need for sensemaking and problem-solving among staff. Here, regular physical crisis meetings are an appropriate way to reduce misunderstandings and create sense around the challenges of the crisis, but also to invite new ideas and solutions. Front-line employees may be good at improvising and coming up with creative answers to challenges within their own area. Being able to strategically listen (Lewis, 2020) to staff and external stakeholders during an attack can be extremely useful to adjust corporate strategies and assure business continuity.

How To Prepare Communication for Cyber-Attacks
— Train staff in signal detection, cyber-security awareness programs, and conduct stress tests and simulations.
— Encourage a leadership and communication culture, where people feel free to speak up and suggest ideas.
— Identify key stakeholders and create an overview of alternative communication channels for both internal and external communication.
— Establish a cloud-based alternative platform for critical communication, and/or an independent ‘dark site’, as a parallel landing webpage for information to stakeholders.
— Do not just make the IT department responsible for clean up; make sure to include communicators in the CMT, and to have contacts in all important locations of the company.
— Prepare for improvisation and resilience!

Never underestimate the impact of a cyber-attack on your communication process. Professional communicators are strongly needed during these crises and will be better prepared for organizational interruptions by following these steps.

1.) Danish Emergency Management Agency (2022). National Risk Profile 2022. DEMA, DK—beredskabsstyrelsen/dokumenter/krisestyring-og-beredskabsplanlagning/2022/-national-risk-profile-2022-.pdf
2.) Frandsen, F. & Johansen, W. (2011). The study of internal crisis communication: Towards an integrative framework. Corporate Communications: An International Journal, 16(4), 347-361
3.) Frandsen, F. & Johansen, W. (2017). Organizational Crisis Communication. London: Sage
4.) Frandsen, F. & Johansen, W. (2020). Living in an age of risk and crisis? Cyberattacks, terrorism, hi-jacking, pandemics … What’s next? NORA Webinar, June 26, 2020, on Trends in the communication profession from a Nordic perspective, NORA, BI Norwegian Business School, Oslo, Norway.
5.) Hawkins, N. (2017). Why communication is vital during a cyber-attack. Network Security, March 2017, 12-14.
6.) Johansen, W., Aggerholm H. K., & Frandsen, F. (2012). Entering New Territory: A study of internal crisis management and crisis communication in organizations. Public Relations Review, 38, 270-279.
7.) Lewis, L. (2021). The Power of Strategic Listening. Lanham: Rowman & Littlefield
8.) Stowman, A. M., Cacciatore, L. S., Cortright, V., McConnell, J., Wilburn, C., Bryant, B., … & Kalof, A. N. (2022). Anatomy of a cyberattack: part 3: coordination in crisis, development of an incident command team, and resident education during downtime. American Journal of Clinical Pathology, 157(6), 814-822.
9.) Zerfass, A., Verhoeven, P., Moreno, A., Tench, R. & Vercic, D. (2020). European Communication Monitor 2020. Study conducted by EUPRERA and EACD.

Winni Johansen, Ph.D., is a professor of corporate communication and crisis management at the department of Management, Aarhus University, Denmark.

Marit Lott is a MA-student in communication and media at Augsburg University, working as a research intern at the department of Management, Aarhus University, Denmark.

Heidy Modarelli handles Growth & Marketing for IPR. She has previously written for Entrepreneur, TechCrunch, The Next Web, and VentureBeat.
Follow on Twitter