Cyber Incident Communications Checklist

January 12, 2023 | By IANS Faculty

This high-level communications checklist is designed with steps to be followed during the first 72 hours of a security incident. Use this response process as suggested guidance as the incident develops and tailor these adjustable steps to suit your company’s bandwidth and operations, as well as the circumstances of the incident.

Cyber Incident Communications Checklist 

  • Notify the Information Security Team 
    • Determine next steps 
  • Activate the Cyber Crisis Communications Team
    • Decide if a planning call or meeting is needed
    • Review team member roles and responsibilities
    • Involve the head of corporate communications or public relations
    • Confirm the process for drafting, approving and deploying communications materials 
  • Determine if social media monitoring and reporting should begin
  • Contact external advisors

Necessary advisors may include: 

  • Cyber-liability insurance
  • Third-party security vendors
  • Incident response forensics vendors
  • External counsel
  • Law enforcement, etc.
  • Develop a stakeholder notification plan

Be sure to include when each group should be notified and which corporate function is responsible for those communications. Common stakeholder groups include:

  • Leadership 
  • Legal
  • Insurance 
  • Compliance
  • Board of directors 
  • Employees (include media protocols, if necessary)
  • Customers (letter, email or phone)
  • Government regulators (SEC, GDPR, CCPA, NYDFS, etc.)
  • Key investors/analysts
  • Business partners/vendors
  • Community partners
  • Assess the need to scale up customer-facing channels

Necessary communications channels include:

  • Develop a microsite 
  • Assess social media channels
  • Set up an email mailbox
  • Set up a breach response call center 
  • Measure and, if needed, increase call center surge capacity
  • Finalize an external communications rollout plan

READ: Ransomware Response Exercises for Executives 

  • Begin drafting communications materials

Route communications through appropriate approval channels; typical materials include:

  • Media holding statement
  • Key messages
  • Tough Q&A 
  • Talking points for key stakeholder groups
  • Review current and future external communications

Be sure to include social media and marketing activities to determine whether they should be halted

  • Finalize communications materials
  • If the incident is non-public and material
    • Initiate investor notification process
    • Institute stock trading “blackout window” for employees
  • If there is significant customer impact
    • Finalize and post official statement to website and social media channels
  • Update organization statements
    • If additional/new messaging is required
  • Assess the need for daily media calls/briefings
  • Hold regular communications update meetings

The incident team should include:

  • Leadership 
  • Cyber-liability insurance
  • Legal counsel 
  • Other stakeholders (as necessary)

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.

Access time-saving tools and helpful guides from our Faculty.

IANS + Artico Search

Our 2024-2025 CISO Compensation and Budget Benchmark Survey is Live!

Get New IANS Blog Content
Delivered to Your Inbox

Please provide a business email.