Crisis Communication during Cyber Attacks

In 2019, the police registered more than 100,000 cyber attacks in Germany – 15% more than in the previous year. The total damage: over 100 billion euros. Every second company has been affected.

In recent years, such attacks have increasingly involved the targeted theft of sensitive data. Whereas a few years ago the main objective was to control IT systems, including ransom rackets for release, today the hackers focus specifically on the reputation of companies. Extensive data theft of company secrets and customer data is used to blackmail companies in a targeted manner. By gradually leaking individual data records in the darknet or feeding them directly to customers, the reputation of the affected company is deliberately played on.

In addition to IT forensic and legal expertise, communicative experts are always in demand in such cases. This is particularly true for companies that have not yet implemented preventive crisis communication management and are therefore not prepared for such cases.

We support companies in making the right communication decisions both preventively and in acute crisis situations through our many years of expertise in crisis communication.

Whether it is the drafting of a crisis communication manual as prevention for an emergency or ad hoc crisis communication. In this case, our crisis emergency team is on site within a few hours and takes over all communication tasks, from setting up a crisis communication room, establishing a communication cascade to planning, developing and implementing all internal and external communication measures.

Depending on your needs, we integrate our strong partners consisting of IT forensic experts, lawyers and providers of digital communication solutions.

Our Services

Crisis Prevention

(pre-crisis)

✔ Development & Implementation Crisis Communication Management
(analysis, strategy, manuals/crisis communication systems, flow charts, processes, resources etc.)

✔ Review of existing crisis communication systems
(risk scenarios, manuals/crisis communication systems, processes, resources etc.)

✔ Training of the organization
(media & conflict training, workshops & coaching, crisis exercises etc.)

+ Optional: IT audit and implementation of security solution
(Through our partners in the field of IT forensics, we can check and secure your entire IT infrastructure on request)

Ad-hoc Crisis Communication

(during the crisis)

✔ 24/7 readiness and monitoring
(within 6 hours on site within Germany, or 12 hours within Europe).

✔ On-site consulting
(situation and risk analysis, strategy and action recommendations etc.)

✔ Organizational crisis management
(resource management, crisis handling, support of the crisis team, etc.)

✔ Operational crisis communication
(monitoring, support of internal and external communication, press work, etc.)

+ Optional: Incident Response Management
(n addition to crisis communication, we can also offer the complete management of the security incident through our partners in the IT forensics sector)

Reputation Building

(after the crisis)

✔ Analysis of the loss of reputation
(Surveys, online research, evaluation of press articles etc.)

✔ Development & implementation of reputation campaigns
(strategy development, implementation and management)

Numbers

102.9 billion EUR

economic damage in 2019 due to sabotage, data theft & espionage

3.35 million EUR

is the cost for an average security incident in Germany.

75%

of all companies are affected by cyber attacks, tendency increasing.

Negative examples for Crisis Communication during Cyber Attacks

Yahoo

Yahoo
Uber

In 2013, the web service provider Yahoo fell victim to a (ransomware) hacker attack in which all user data of its more than 3 billion customers was stolen. Instead of informing those affected promptly, Yahoo concealed the incident despite its legal obligation to inform. After the incident became known and Yahoo attempted to conceal it, the value of the Web service provider’s business fell by $350 million as part of the pending acquisition by Verizon. In early 2020, Yahoo was also sued for an additional compensation payment of 117.5 million dollars, which the Web service provider must now pay out to its affected customers. The trust of customers and business partners has been permanently damaged.

In 2016, the driving service provider Uber covered up the theft of the data of around 57 million drivers and customers, despite the legal obligation to report it. The public only learned of the cyber attack in 2017 – a whole year later. Another explosive aspect of the security incident at Uber was that the driving service provider preferred to pay the hackers $100,000 to destroy the data again instead of reporting the incident to the authorities and informing affected users. In addition to the shitstorm on social media and the negative press reports in leading media worldwide, the cover-up of the incident now has criminal consequences for one of the responsible managers. The U.S. Attorney General’s Office is bringing charges against Uber’s former head of security, Joseph “Joe” Sullivan, for obstruction of justice and the cover-up of a crime.

Contact

Crisis Communication during Cyber Attacks

Your contact person

Jannik Hansen
Director

+49 (0)40 52 47 032-0

info@ziegler.company