Kent research has contributed to a new, practical framework that will help businesses, cyber security teams and corporate communications professionals respond more effectively to cyber security attacks.
With the likelihood of data breaches increasing over time due to advancing technology, it has never been more important for companies to recognise the need to engage with customers, partners and other stakeholders to ease concerns following a cyber security incident and manage the associated risk of substantial reputational damage.
The framework, published in Computers & Security Journal, includes a guide for planning ahead of a potential cyber crisis as well as a crisis response plan which takes cyber security, corporate communication and public relations (PR) professionals through a process flow chart. Users of the framework are provided with guidance and considerations on disclosure messaging, when to disclose, who should face the media, and which channels are best for communicating with stakeholders – including customers and business partners. Furthermore, it guides professionals on how to deal with responses or backlash from stakeholders. It also reminds businesses to prepare for the reality of opportunistic cyber criminals who would attempt to capitalise on the data breach (e.g., through phishing attacks, scams and other cybercrimes).
Dr Jason Nurse of Kent’s School of Computing examined the efficiency of crisis communication and public relations professionals following cyber security incidents, through real-world case studies and academic literature. He worked alongside Richard Knight (University of Warwick) to develop the comprehensive playbook to support companies in their preparation for and response to such events. Interviews with senior industry professionals – including Directors, Chief Information Security Officers (CISOs) and Crisis Management Specialists – and a critical assessment against relevant practice and research provided further validation of the crisis guide.
Dr Nurse said: ‘Through this research, we have captured and defined best practices for effective corporate communication and public relations after cyber security incidents. This is the first grounded, comprehensive and evaluated proposal of its kind. This framework can complement security incident response and management in businesses, which is so important to reputation recovery following a data breach. This type of playbook is exactly what many companies today need.’
The research paper titled ‘A Framework for Effective Corporate Communication after Cyber Security Incidents’ is published in Computers & Security Journal. DOI: https://doi.org/10.1016/j.cose.2020.102036. The article is freely available for 50 days through this link on ScienceDirect.
Dr Jason R.C. Nurse is an Associate Professor (Senior Lecturer) in Cyber Security at the University of Kent’s School of Computing and the Director of Public Engagement of the Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) and the Institute of Advanced Studies in Cyber Security and Conflict (SoCyETAL). His research focuses on cyber security, privacy and trust from an interdisciplinary perspective.