InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. Effectively communicating during a cyber incident
A lady with a head in her hands with computer screens around her. A cyber incident response plan text. communication planning. data protection education logo
Information/Cyber Security

Effectively communicating during a cyber incident

📢 It's important to be prepared for when a cyber incident happens to you.  Part of that preparation should include having a Cyber Incident Response Plan, and part of that plan should include how to communicate, who does the communication and what they should say.
A cyber incident or cyber attack can be an extremely stressful situation for all parties involved.  The urge to resolve it quickly and get back to normal, can mean steps are missed and misinformation shared.  A clear communication strategy means effective communication both during and after the incident.  The NCSC has recently published guidance about this 👉Effective Communications in a Cyber Incident

In summary:

1. Prepare your communications strategy in advance
  • Outline roles, responsibilities and communication protocols.
  • Identify any external contacts you would need to inform and have their information available.  Don't forget your usual communications channels may not be open to you, so make a plan about how you will do this.
  • Test and review your plan by conducting table-top exercises.

2. Communicate clearly with different parties, and tailor your messaging where necessary
  • Transparency helps build trust and credibility.
  • You may need to manage media coverage, so have something pre-prepared.

3. Manage the aftermath
  • Provide regular updates on the incident.
  • Continue to engage.
  • Consider sharing insights and lessons learned.

Additional information for SLT/Head teachers/CEO's:

As head of the organisation it will likely be your responsibility for responding to a cyber incident. Further help and advice from the NCSC 👉 https://www.ncsc.gov.uk/guidance/ceos-responding-cyber-incidents

Do you have a cyber incident response plan?

Invalid Input

Amazing, you have ticked off an important item for cyber resilience.   Ensure that staff all know about the plan.  If the plan contains printed contact information, ensure it is stored in a secure way.  If you are a school, multi academy trust or college, then you should review the DfE Digital Standards for further cyber robustness.
For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..



The DfE Digital Standards advises schools and colleges that they should have a cyber incident response plan.  Review 👉https://digitalstandardstracker.co.uk/

Over half of small businesses have been hit by a cyber attack.

Harry the Hacker loves to take data that isn't protected!

 

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the checklists and best practice. 

 

Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.
©2025 Data Protection Education Ltd.

Search

  • News