In the context of an increasingly digital world, the likelihood of organizations falling prey to cyber-attacks has escalated dramatically. As such, the repercussions of these incidents extend beyond mere technical failures; they can significantly impact the reputation of a business and the emotional well-being of its employees. However, it is important to note that an organization’s reputation does not necessarily need to suffer just because it has been affected by a cyber incident. Proactive steps can be taken by cybersecurity and business leaders to effectively communicate the occurrence and implications of an incident, restoring normalcy for both internal and external stakeholders.
At the heart of effective crisis management during cyber incidents is the establishment of a well-defined strategy playbook. This guidance comes from seasoned cybersecurity leaders who have extensive experience in navigating the turbulent waters of cyber crises. During a keynote session titled “Crisis Communications – Contingency Plans to Put in Place Now” at Infosecurity Europe 2026 on June 3, expert insights were shared regarding crucial preparatory measures that organizations should adopt.
Nicola Hudson, a partner and global cyber practice co-lead at Brunswick, emphasized that an effective playbook does not require extensive documentation but should be succinct, emphasizing three critical components: the nature of the crisis, the personnel involved, and a clear understanding of responsibilities among team members. Hudson articulated the first step as identifying the type of crisis being faced. For the second aspect, she reiterated the importance of knowing “who is going to be in the room,” while the final component involves fostering trust within the team. This clarification helps ensure that all members understand their roles, minimizing confusion during the high-pressure environment that accompanies a cyber incident.
Ashish Shrestha, CEO of Zyn Global and former Chief Information Security Officer (CISO) of Jaguar Land Rover, highlighted that while playbooks are essential, their effectiveness often hinges not on technological elements, but rather on how reality unfolds. He remarked, “Playbooks don’t fail because of technology; they fail because reality doesn’t follow a script.” Shrestha explained the intensive pressure felt in a “war room” scenario, where information is constantly evolving, and decisions must be made swiftly despite often incomplete data. This context illustrates the complexity of leading a crisis response effectively.
The management of personnel during a technology crisis is another essential element that cybersecurity leaders must bear in mind. It is vital to acknowledge that cyber incidents present challenges that extend beyond technical hurdles; human factors and communication strategies also need to be prioritized. Knowing who is charged with specific responsibilities, who holds decision-making authority, and how tasks are delegated can significantly mitigate the chaos typically associated with crisis responses. Hudson succinctly stated, “What survives is your process. Who is doing what? How are you going to do it?”
Moreover, Hudson cautioned against relying on rigid communication scripts. Anticipating every possible scenario is unrealistic when faced with unpredictable, evolving challenges. Attackers may leverage situational pressures, making it paramount for organizations to remain adaptable and responsive. Consequently, a more effective approach involves maintaining a “live crisis communications playbook,” wherein strategies are continuously updated based on the unfolding situation.
Notably, internal communications and the management of team anxieties cannot be overlooked. In the wake of a cyber incident, organizational leaders are tasked with addressing the psychological and emotional needs of their staff. Shrestha emphasized the importance of allowing cyber responders adequate downtime to recharge during critical periods. “You need to understand how long people have been working. People get tired. Have you practiced that in your playbook?” he queried, underscoring the necessity of proactively planning for personnel exhaustion in crisis scenarios.
This includes ensuring team members have access to proper sustenance, comfortable accommodations, and scheduled downtime. Shrestha referenced a major incident involving JLR in 2025, where careful planning provided the necessary support for his team. “It’s an ultra-marathon, so you need resilience,” he emphasized, pointing to the emotional and physical demands that accompany prolonged crisis response efforts.
In conclusion, as organizations navigate the ever-evolving landscape of cyber threats, it is critical that they adopt comprehensive strategies to effectively manage cyber incidents. By prioritizing clarity of communication, understanding team dynamics, and supporting the emotional well-being of staff, organizations can mitigate the negative repercussions of cyber incidents and preserve both their reputation and workforce morale.