Proactive cyber preparedness

Keys to building a communications plan that successfully prepares companies for a cyber incident

By Lauren Odell, Partner and COO; Michael Landau, Senior Vice President; Ashley Grund, Vice President, Gladstone Place Partners

The prevalence of disruptive and costly cyber incidents has been growing in recent years as hacking groups become increasingly sophisticated in their use of advanced technology and aggressive, deceptive tactics. Cyber criminals are adept at stealing and exfiltrating data, embarrassing companies, taking down applications and causing significant business damage. As such, cybersecurity is a top business risk that keeps security leaders, boards and C-suites up at night. This raises the urgency and importance of having a proactive plan to effectively manage a cyber incident before it hits. Often, the focus of preparedness is on the technical aspects. While these elements are critical, many organizations tend to overlook the important role of communications both before, during and after a breach.

In the last six months alone, there were a number of data breaches at large organizations, including The University of Pennsylvania, Microsoft SharePoint, Kering, Jaguar Land Rover and the Washington Post. The numbers were further exacerbated by the U.S. government shutdown in October 2025, which saw an approximate 85 percent increase in cyberattacks compared to September.

The stakes are high, both financially and reputationally. In 80 percent of cyber incidents investigated by Microsoft’s security teams, attackers sought to steal data for ransom. In addition to financial impact (loss of revenue), there are also severe reputational consequences. A company’s response is put under intense scrutiny by the media and key stakeholders, including employees, customers and regulators. Public companies have additional important considerations, such as SEC reporting obligations and policies with making a ransom payment.

It’s a question of when—not if—a cyber breach will occur. Communications professionals, who are often the first line of defense, sit at the nexus between several key organizational functions and are well-positioned to be a proactive, strategic partner. Comms. leaders can bridge the gap between different areas of the business, identify weaknesses in plans and assemble a team to ensure readiness to manage a potential breach.

Here are four keys to building the foundation to successfully prepare for a cyber incident.

Assemble a core team and identify key advisors

A simple but often overlooked step is identifying and establishing the key players who should be involved in the preparation phase and identifying roles and responsibilities for these individuals in the event of a cyber incident. While the group will look different at every company, it should, at a minimum, include leaders from each line of business, select members of the C-suite and the legal team, including the General Counsel and lawyers who handle SEC reporting obligations. Some companies may choose to involve the CEO in preparation conversations or align first and then brief the CEO and Board members.

The team should select a leader in the event of a real incident and discuss an appropriate meeting cadence—doing this in the preparation phase will help with coordination and developing a clear understanding of roles.

In addition, the core team should define and disseminate core principles to guide the company’s approach to managing all aspects of a cyber incident—such as protecting reputation over business performance—to ensure alignment and provide a structure for addressing key considerations.

In the planning phase, it’s helpful to identify the external advisors who would be involved in a potential cyber incident, as this can be more difficult to do in the moment. This includes outside communications advisors and legal counsel, cyber insurance carriers and forensic accountants.

Map key stakeholders

Effective stakeholder mapping ensures no constituency is overlooked in a crisis while providing the communications team with clear pathways to reach each group. It’s important to consider who the stakeholders are, how they normally receive communications, anticipated questions, mandated disclosures and main messages. In the event there isn’t an established medium to reach a specific stakeholder group, the business can identify this and stage an appropriate channel or venue to communicate with this group.

Mapping key stakeholders will help identify others that might need to be brought into the fold, highlight potential challenges/sticking points and inform key parts of the communications plan.

Develop a communications scenario plan

Given the likelihood of a cyber incident occurring, it’s imperative that companies have a communications plan—contemplating several different scenarios—that could be activated quickly. It’s likely that most companies have a cybersecurity plan from an IT perspective, but it’s paramount that there is a full user-friendly plan that includes stakeholder messaging, key constituent communications and channels used, media statements and contact information for team members. Ideally, this would also be reviewed by the core team so there is a solid foundation to build on during a real incident. While it’s impossible to predict exactly how a breach could unfold, doing the critical work beforehand to develop a detailed communications plan that has buy-in from all key decision-makers will go a long way to providing clarity, comfort and stability for senior management.

Stress-test response and align on decision points in a tabletop exercise

The most actionable way to test preparedness is by simulating a live incident in a tabletop exercise. These exercises are effective in identifying gaps in the company’s response strategy, aligning as a group on key decision points and establishing a holistic incident response and communications plan that the company can quickly put into motion in a real situation.

The exercise should be as realistic as possible, surrounding a breach, exfiltration or ransom note and should target a specific platform or product that the company uses for critical business operations. Public company leaders can have conversations around the materiality of information breached, timing for alerting key stakeholders and regulatory requirements regarding disclosure.

A tabletop exercise creates the space for testing the team’s collaboration, ability to make quick decisions and discuss the thornier issues that may come up in a real situation, including a ransom payment. It forces conversations on the company’s stance on communications as well as legal and ethical matters.

The tabletop exercise can also help surface any perceived weaknesses in the company’s current strategy and close gaps in the current plans. Following completion, companies will be better positioned to utilize the materials, plans, assets and programs in place—there should be a regular cadence of the group meeting again to evaluate any changes and to stay in contact on this topic.

Looking ahead, companies should expect a proliferation of financially motivated attacks, including data theft, extortion and ransomware this year, according to Google Cloud Security’s Cybersecurity Forecast 2026. However, there are several ways that the communications function can bring people together to prepare the company for a cyber incident. In partnership with other areas of the business, communications professionals can move the needle on shaping a plan and bringing key decision makers to the table. At the end of the day, leaders will sleep easier knowing that there’s a well-developed plan and strategy at the ready.

Click "Read More" to view our Article highlighted in O'Dwyer's Magazine

Back To News