decorative image

Tips for effective employee communication in the event of a cyberattack

Companies are on high alert for cybersecurity breaches from ransomware attacks to phishing schemes—cyberattacks are up as much as 148% over the last year. There is constantly some new threat to be on the lookout for, but even so not all organizations have a cyberattack communication and response plan in place. A third of organizations say they are not aware of or not sure about emergency plans for incidents such as cyberattacks and system outages.

Not being prepared for an attack can cause serious harm to both companies and their employees. A report by IBM found that the average time for an organization to detect a data breach was 280 days. In that time, significant damage and costs can be inflicted, and companies can't waste any time determining a procedure to follow up after the fact.

Just as a company would plan and practice what to do in the case of any other emergency (like a fire drill or active shooter incident), there should be procedures in place for cyberattacks. That response plan should prioritize emergency communication to employees to keep them informed and mitigate as much damage as possible. Read on for four tips to improve your organization's cybersecurity response plan.

1. Communicate quickly

If a breach occurs, there is no time to waste letting employees know what's going on, but getting in touch with everyone can be difficult if a server or network goes down. With many companies managing dispersed workforces, more information is accessed digitally (meaning more information is potentially at risk) and it takes longer to communicate with everyone in different time zones and on different schedules (meaning more time is lost).

To overcome these obstacles, companies should plan to communicate across multiple channels to effectively reach employees. Especially for a mobile, remote and traveling workforce, companies can no longer rely on time-intensive and manual methods, such as call trees. Instead, a mass notification system is needed to alert employees of cyberattacks, security outages and any other emergency. To reach as many employees as possible, who may have different work schedules, locations and communication preferences, companies should send out alerts via SMS, email, voice, desktop notifications and other channels.

Targeted messaging should be sent using incident response templates to notify specific recipients. Your IT response team should be alerted to assess the breach, take actions to fix the issues, and reduce the impact on your operations and your customers' businesses. Your executive team should be apprised of the situation to follow protocols for crisis response and communication. Your crisis communications team should monitor social media and public perception, determine how to keep control of the situation and when to issue external statements.

Employers need to be vigilant about communicating in the wake of a cyberattack so that employees are informed and know what steps to take to minimize the risk. Mass notification systems and other communication tools can send instant and targeted notifications quickly and efficiently.

2. Give clear, actionable information

Companies should provide clear and concise information so that there is no confusion about what has happened and what the plan is going forward. If there has been a breach, be proactive to let employees know immediately. Provide explanations as to what's happening and what systems have been affected. After all, you want them to hear the news first from you, not from media, social channels or other unreliable sources.

Provide them with clear instructions to follow to reduce impact on the operation of your business. Initiate your crisis communication plan and inform employees about internal protocols and external statements. For instance, if documents with sensitive information have been compromised, what is the expectation for how employees should handle that? If external stakeholders are not yet aware of the situation, making that clear can help minimize additional damage to the business's reputation.

Being honest and direct with what you know so far about the situation will reassure employees during an event that can be chaotic. Explain how the organization plans to handle the attack and be transparent so that employees are aware of the communication and response plan.

3. Keep employees updated

Immediately following a cyberattack, an organization may not know every detail about the event. Be open about the fact that the situation is evolving and be sure to follow up when new information becomes available.

Update employees on any changes to standard business processes. If it is not safe to use certain systems, give employees information on what is being done to restore normalcy. These continuous touchpoints will let your team know they are still in the loop throughout the process.

Employees should be receiving the most current information directly from their organization for a single source of reliable truth. If information is trickling through gossip networks or coming from external media, employees can quickly lose trust in their leadership. The news that employees get from other sources may be inaccurate and cause further confusion, so it's crucial to ensure information is up-to-date. Even if there isn't specifically new information, notifying employees that leadership is continuing to manage the situation will keep everyone composed.

4. Don't wait until a breach occurs to make a plan

Organizations need a communication plan in place before a breach occurs in order for it to be effective. If leadership wants to send a message to employees, but they don't have a system established to do it efficiently, valuable time will be spent coordinating outreach. This can all be avoided by proactively instituting a cyberattack communication strategy. Then, if a breach does occur, employees can have all the information they need to stay informed.

How an organization communicates with employees throughout a breach is representative of its preparedness and priorities. Employees need to be informed to do their jobs effectively, and leadership can minimize losses and alleviate concerns by providing updates.

Better preparedness for a cyberattack includes a communication and response plan that ensures your employees are informed, your teams are collaborating towards a quicker resolution and your organization is mitigating the impact to business continuity.

This article was written by Emily Payne from BenefitsPro and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to


Voya is aligned with Department of Labor cybersecurity best practices

On April 14, 2021, the Department of Labor published information security guidance to ERISA plans. Voya’s information security program has been built on a foundation using recognized best practices and information security frameworks. It is aligned to the core standards highlighted by the DOL.

Read more about Voya’s alignment with DOL best practices.