how to communicate effectively in a cyber attack
TRANSCRIPT
How to communicate confidently about cyber incidents
17th November 2016
LOST IN CYBER SPACE
2 | Regester Larkin © 2016
WHAT’S THE ATTRACTION FOR JOURNALISTS?
“The bedrock of most mainstream journalism is ‘crime stories’. Throw in the factors of being mysterious and new and it becomes a perfect story.”
“Cyber attacks are really interesting to me because they represent change and a new threat.”
“When names like Tesco are involved it becomes the fall of the mighty. Big business failure is always a good theme.”
“Normal people don’t really understand what a cyber attack is. They know it matters and it’s one of the primary ways society could be plunged into chaos! That makes it terrifying and more interesting.”
“We can all relate to upset consumers – the ultimate ‘it could be me’ story. Even better when schadenfreude is a factor.”
“Spooks in real life… what’s not to love?!”
WHY ARE CYBER ATTACKS SO HARD TO MANAGE?
• So much is unknown
• Fast moving and constantly changing picture
• Speculation and criticism is rife
• Police involvement may limit what you can say
• Great deal of misunderstanding about cyber
• Difficult to explain technical details in a simple, sympathetic, reassuring way
• Changing landscape
DO THE OLD RULES OF CRISIS COMMUNICATION STILL APPLY?
1. DEMONSTRATE YOU’RE IN CONTROL
DEMONSTRATE YOU’RE IN CONTROL
“I think we did the right thing to go out early and warn our customers so that we could help make them safer, and they could protect themselves”
11/11/15
DEMONSTRATE YOU’RE IN CONTROL
Interview on BBC Radio 4 Today programme
Benny Higgins, CEO of Tesco Bank
07/11/16
DEMONSTRATE YOU’RE IN CONTROL
• Did either company appear to be in control?
• Was one more in control than the other?
• Why? What can we learn?
CAN YOU REASSURE CUSTOMERS YOU’RE IN CONTROL WHEN YOU DON’T KNOW WHAT’S HAPPENED?
• Communicate with confidence that you know your systems / infrastructure
• What data is held
• How data is stored
• Confidence in cyber terms and language
• What you’ve done to minimise chances of this happening
• Investment in cyber resilience
• What you’re doing in response?
• Doing everything in your power to rectify the situation (proof points)
• Speak confidently about your cyber response
• Who’s involved? What’s happening?
CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?
Interview on BBC Radio 4 Today programme
Benny Higgins, CEO of Tesco Bank
07/11/16
CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?
“We are spending a lot of time and resource and energy making our defences even stronger, we will continue to do that indefinitely.
This is a war of attrition between us and the criminals who are trying to break in. We will build higher walls, and they will build higher ladders and we will build higher walls and that is the way it is going to be forever.”
“We invest very heavily in preventative measures…
But in the modern world – we see it time and time again – it is impossible to be totally impregnable.
It is our absolute responsibility and something we take very seriously to put customers first…”
2. CONTAIN THE ISSUE
CAN YOU CONTAIN SPECULATION?
There are elements of this that look unprecedented and it is serious, clearly.
Andrew Bailey, Chief Executive, FCA
It is likely that either Tesco's internal systems, or its mobile application, have been hacked.
Ian Mann, Chief Executive, ECSC (cyber security service)
One estimate is that Tesco Bank could be fined nearly £2bn under GDPR rules for this incident.
Nigel Hawthorn, Chief European Spokesperson, Skyhigh Networks
CAN YOU CONTAIN STAKEHOLDER REACTION?
It is troubling. Banks have a long way to go to improve the resilience and security of their IT systems.
Andrew Tyrie MP, Chair of Treasury Select Committee
We identified these types of attacks months ago. The number of times we reached out to Tesco was shocking.
Elad Ben-Meir, Cyberint
It will take a significant period of time to understand the incident given the technical complexities involved.
National Cyber Security Centre
I've not heard of an attack of this nature and scale on a UK bank where it appears that the bank's central system is the target.
Prof Alan Woodward, Ex-Security Consultant for Europol
HOW CAN YOU CONTAIN THE PROBLEM?
• It isn’t helpful “to assume the worst…”
• Point downwards at confirmed/expected numbers
• Point out what isn’t affected
• Use non-inflammatory language (cyber attack vs. data breach)
• Limit speculation about perpetrators, impact, motive etc
• Don’t give running commentary / fuel the fire
• Focus on what you do know
• Work closely with likely credible commentators
Set realistic expectations internally… you will receive criticism, there will be inaccuracies, there will be wild speculation.
Was Tesco Bank even hacked?
3. DEMONSTRATE CARE AND CONCERN
DEMONSTRATE CARE AND CONCERN
DEMONSTRATE CARE AND CONCERN
“I’d like to apologise for the worry and the inconvenience that this issue has caused…”
“It is our absolute responsibility and something we take very seriously to put customers first…”
CARE AND CONCERN
• Don’t play the victim card, it doesn’t work in a cyber attack
• Remember that stakeholders may feel let down
• Show that you understand this is a personal and emotive issue
• Show regret and contrition
• Communicate directly with customers
BEING PREPARED: WHAT CAN YOU DO TODAY?
PREPARE YOUR PEOPLE
People
Media train
Exercise
Discuss difficult issues
Engage IT teams
Engage senior leaders
“I've never been so scared in a business context as I was that first week. Really properly terrified.... None of my training had prepared me for this.”
Dido Harding 2016
PREPARE YOUR COMMUNICATIONS
Playbook
Map key risks
Checklists
Simple, effective message
List regulators
Key terms
Ben Overlander
Director
020 3179 6000