ITL #641 When the hackers come calling: why cyber crisis communication is now a boardroom imperative
The high-stakes world of cyber crisis communication is rapidly becoming as critical as firewalls and encryption capabilities. By Alexander Fink.
This is the new reality.
It starts with a ping—a frantic message from IT, a cryptic alert from a security system, or, worse, a call from a journalist who knows more about your company’s data breach than you do. In today’s digital reality, the question for business leaders is no longer if a cyber crisis will happen, but when—and how prepared they are to communicate when it does.
The cost of complacency
The numbers are staggering. In Germany alone, cybercrime results in an estimated €267 billion in damages each year. Globally, the average cost of a data breach reached $4.9 million in 2024. These aren’t theoretical risks; they are existential threats that can cripple operations, erode trust, and send share prices tumbling.
Consider the recent case of a global automotive supplier. It took more than three months to comment on a major data breach. The delay left customers, partners, and regulators in the dark—and the company’s reputation hanging by a thread.
Or take the example of a multinational legal services firm cited by Kekst CNC: “The ransom negotiations have just been leaked online.” Suddenly, the crisis became about more than data—it was about narrative control, trust, and demonstrating competence under pressure.
Why cyber crisis communication is different
Traditional crisis management playbooks don’t cut it when the adversary is untraceable, the facts are incomplete, and the threats evolve by the hour.
Cyber incidents are uniquely fluid. Threat actors are unpredictable, and the internal and external pressure to respond often arrives before leadership even fully understands what has happened.
Unlike a product recall or a natural disaster, a cyber crisis is usually shrouded in uncertainty. Hackers may still be inside the system. Regulators, law enforcement, and stakeholders are demanding answers immediately. Sympathy is in short supply. The public no longer sees companies as victims. They expect transparency, speed, and accountability.
Delaying or obscuring the truth can quickly widen a trust gap that’s difficult to close.
The anatomy of a cyber crisis response
Effective cyber crisis communication is not a solo act—it’s a coordinated team effort.
A strong and effective Crisis Incident Response Team (CIRT) should include senior leadership, cybersecurity and forensic experts, legal counsel, insurance providers, and—critically—strategic communications professionals.
This multidisciplinary team must be prepared to:
- Instill readiness: Preparation allows for a coordinated, rapid response. Unfortunately, this step is often neglected. Cost is commonly cited as the barrier. But the cost of inaction is much higher. That business case must be made.
- Identify and understand all stakeholders: Direct, tailored communication to priority audiences—not just the media—is essential during a crisis.
- Guard against narrative failure: Cyberattacks are stressful, and communication infrastructure may be compromised. Managing the public narrative and internal communications is vital to prevent speculation and contain reputational damage.
- Close the loop and learn: After the dust settles, companies must shape a new narrative that restores trust. A thorough after-action review identifies critical learnings and mitigates future risk. Yet many organizations skip this step, relieved the attack is over—unwittingly setting the stage for the next one.
In one instance, a global enterprise learned the hard way: “The hacker has disabled our systems again—and this time, the data is gone.” Speaking too soon, or too vaguely, can backfire. Clarity matters. Precision matters. Timing matters.
The human factor: internal audiences and the dark web
Cyber crises don’t just affect customers and regulators. They directly impact employees, suppliers, and entire industries, such as healthcare or higher education.
Kekst CNC’s experience shows that empowering internal audiences is vital. When staff are left in the dark, they may unintentionally leak information via their own social channels or lose confidence in leadership.
Meanwhile, the crisis doesn’t only unfold in war rooms and newsrooms. Threat actors are communicators too—leaking stolen data, negotiating publicly, and even reaching out to employees directly. That’s why real-time monitoring of online chatter and the dark web is a core requirement, not a luxury. Monitoring social media alone is far from enough.
Preparation: the missing link
Despite the stakes, only 49% of companies have a formal crisis communications plan in place, according to the consulting firm Capterra. For highly regulated sectors—like financial services under the EU’s Digital Operational Resilience Act (DORA) or the NIS-2 regulation—such plans are no longer optional; they’re a legal requirement.
Kekst CNC recommends that every organization, regardless of size or industry, take the following steps:
- Define and connect the crisis management team: Know who's in charge and how to reach them in an emergency.
- Establish clear protocols: Document roles, escalation paths, and responsibilities.
- Set up failsafe communication alternatives: Prepare for scenarios where traditional channels like email or messaging tools may be compromised.
- Map stakeholder communication: Identify who needs to be informed, what they need to know, and by whom.
- Run scenario-based rehearsals: Develop, test, and refine template materials—such as holding statements, Q&As, and media responses—under simulated pressure.
Lessons from the field
Real-world incidents never follow scripts.
Kekst CNC has supported clients dealing with everything from leaked negotiation emails to ransomware gangs calling employees’ personal phones with threats.
One infrastructure provider learned that paying the ransom isn’t a quick fix. The reputational backlash was as damaging as the technical breach. A packaging and logistics company discovered that a fragmented, siloed response team hindered their effort to respond effectively. And an international hotel brand realized the power of customized communication—language that resonates with regulators may not reassure guests or investors.
The new boardroom agenda
Cyber risk is no longer just an IT problem. It’s a strategic, reputational, and financial issue. Cyber crisis communication is now a core capability for today’s leadership. The way a company manages its worst day may impact its future more than the event itself.
In a world where 309,000 new malware variants emerge daily, the only constant is uncertainty. The winners won’t be those with the best products or the deepest pockets. They’ll be the ones who are prepared: who practice, act fast, and communicate with leadership, resilience, and empathy.
When the hackers come calling, your systems aren’t the only thing at risk. Your reputation is, too. Will you be ready to answer?

The Author
Alexander Fink
Alexander Fink is a partner at the global communications boutique Kekst CNC. He is an expert in crisis and cyber communication as well as the digital transformation of companies. Alexander is co-author of the book "Professionelle Krisenkommunikation" (Springer/Gabler, 2nd edition, 2024).