In the face of an attack, the technical nature of a cyber crisis can destabilise even the most experienced communicators, dealing with features, challenges and ecosystems that are sometimes very far removed from their core business activity.
Focussing on the particular characteristics of a cyber attack, this guide aims to show that good cyber crisis communication is primarily a reiteration of all the tools and reflexes we commonly apply to any crisis communication strategy.
“When a cyber crisis occurs, the actions of communicators all too often take a back seat. This is a mistake. For global crisis management, it is essential that the communication response works hand in hand with the technical response.” Guillaume Poupard, Director-General of ANSSI
WHAT IS THIS GUIDE FOR?
Based on situations encountered by ANSSI since its formation in 2009 to provide assistance to victims, this guide aims to provide highly operational advice and recommendations in order to develop and then trigger the crisis communication component during a computer attack.
Although there is no magic recipe in crisis management, there are a number of reflexes and key concepts that can be integrated without delay by your organisation, whether private or public, in preparedness for a cyber crisis.
The recommendations in this guide are therefore also suitable for managing situations described as “sensitive”, which often precede a potential media crisis.
WHO IS IT FOR?
This guide is intended for all people acting in the role of communicator during the management of a crisis. Depending on an entity’s size and organisation, this may be a communication professional (Head of communications, communication officer or communication agency), but can also be other profiles (firm of professionals, legal expert, decision-maker), for lack of dedicated communicators. Depending on the situation, even the operational team can sometimes play the role of communicator.
While this guide is primarily intended for communication professionals, who have a key role to play in crisis management, it also aims to provide tools and advice to other technical and decision-making professionals called on to support our communicators.
WHAT ARE THE PREREQUISITES?
This guide aims to provide insight into the particular characteristics of cyber crisis communication, as perceived by ANSSI. Its purpose is not to go into detail about how to develop a crisis communication strategy in general. Ideally, this task should be carried out and tested
upstream in order to be able to adapt your organisation and tools to the specific nature of a cyber crisis.
This guide does, however, offer a few reminders of the basics of crisis communication to familiarise all readers with the concepts and key issues at stake for the communication function.
BY THE WAY, WHAT IS A CYBER CRISIS?
A crisis of “cyber origin” is defined as the immediate and major destabilisation of the day-to-day operation of an organisation (cessation of activity, inability to deliver services, heavy financial losses, major loss of integrity, etc.) due to one or more malicious actions against its digital tools and services (cyber attacks like ransomware, denial of service – DoS, etc.). This is a high-impact event, which cannot be dealt with by the usual processes and within the framework of the organisation’s normal operations. By convention, we will use the term “cyber crisis” from here on.
This guide is part of the « Cyber Crisis Management » collection, designed to help organisations prepare for and manage a cyber crisis. This collection is composed of three volumes: Organising a cyber crisis management exercise (available in French and English), Crisis of cyber origin, the keys to operational and strategic management (available in French and English) and Anticipating and managing your cyber crisis communication (available in French and English). This collection aims to provide a cross-sectoral expertise on all aspects of cyber crisis management.
 To which are associated the organisation’s IT systems and those of its service providers.