Features 23.05.2023
Damage Control: How to Rebuild Your Reputation After a Cyber Attack
Clear, concise and transparent communication can help limit the damage to a firm’s reputation following a cyber-attack, but it’s not easy to get right
It’s a widely accepted truth (not to mention a cliché) that cyber attacks are a matter of when rather than if. Therefore, the focus often needs to switch to how to rebuild your reputation after a breach has occurred.
That question confronted IT provider SolarWinds in 2020, when it fell victim to a supply chain attack that allowed nation-state adversaries to infiltrate multiple organisations and government agencies through a trojanised software update. Firms including JD Sports, Ferrari, Twitter and Royal Mail have faced the same challenge after high-profile breaches put their reputations at risk.
Spur-of-the-moment decisions can have long-term consequences. Take the example of Uber, which was hit with a data breach in 2016 and kept it secret for over a year. “They lost the trust of customers and regulators, who accused them of covering up the incident,” says Matthew Metcalfe, MD of Holker IT.
Experts agree that clear, concise and transparent communication is the key to limiting the damage to a firm’s reputation following a cyber attack, but it’s not easy to get right.
Responses to data breaches range from the good to the bad and the ugly. Let’s start with the good. The 2023 Ferrari breach is an example of sterling post-attack communications, says Lisa Forte, founder at Red Goat Cyber Security. “When [Ferrari] was breached in early 2023, it composed a series of brilliant client communications signed by the CEO. The organisation demonstrated how vital it is to be open, honest and transparent without oversharing: Things you don’t yet know can cause panic too.”
The FireEye breach in 2020 was another example of a good response, says Craig Jones, vice president of security operations at managed detection and response provider Ontinue. “After discovering a breach tied to the SolarWinds attack, FireEye proactively disclosed the incident and worked with partners to mitigate the threat. Their transparency and leadership helped maintain their reputation as a leading cybersecurity firm.”
Another example of exceptional post-attack communications is JD Sports, praised for cooperating with the UK regulator, the Information Commissioner’s Office, to investigate the attack and outline its approach to preventing similar breaches in the future, says Trevor Dearing, director of critical infrastructure at Illumio.
When DLA Piper was hit by the NotPetya ransomware in 2017, the law firm was transparent about the attack. “It actively communicated with clients and shared its experiences to help others in the industry,” Jones says. “This transparency and proactive communication helped minimise reputational damage.”
At the other end of the scale, the high-profile 2020 Twitter hack compromised prominent accounts, including those of Joe Biden and Elon Musk. “Initial communication from Twitter was vague and insufficient, leading to confusion and concern among users,” says Jones. However, he concedes that the company later provided detailed updates on the investigation, helping to alleviate some of the reputational damage.
Some firms are able to turn things around. Let’s take Garmin as an example. The GPS device company suffered a ransomware attack in 2020. Initially, poor communication and a slow response frustrated customers and impacted its reputation, but the firm later provided updates and assurances about how it was keeping user data safe. This helped restore confidence, says Jones.
The 2020 SolarWinds attack was also a hit-and-miss affair, partly due to the high-profile nature of the breach. “SolarWinds’ transparent communication and collaboration with industry partners and government agencies helped limit reputational damage,” says Jones. Yet the scale of the breach and its impact on national security led to “intense scrutiny and long-term reputational challenges”.
Following a cyber attack, rebuilding trust to avoid long-lasting reputational damage is crucial.
There are two significant challenges when communicating a cyber attack: When to communicate and what to confirm, says Kate Brader, senior MD and crisis communications expert at FTI Consulting. “The most common mistakes are saying nothing to customers and trying to downplay the extent of the issue. People will forgive you for making a mistake, but they won’t forgive you for not trying to put it right.”
Understand the concerns of your stakeholders, says Forte. In addition, she says, keep people updated—even if all you can say is, “We are working on it”.
Meanwhile, don’t put out ‘faceless’ communications. “Put a name to them, ideally the CEO, CFO or COO as it’s more sincere,” Forte advises. “Reputational damage is hard to quantify, especially in the turbulent economic times we find ourselves in. But if you use a cyber attack as an opportunity to practice your comms ‘improv skills’, you will end up in deep trouble. What you say is as important as what you do in an incident.”
Be transparent about what happened, the steps taken to resolve it, and the measures being implemented to prevent it from happening again, advises Jones. “Invest in cybersecurity improvements and communicate this to stakeholders. Engage with customers, partners and regulators to rebuild trust and demonstrate a commitment to security.”
Brader says that much of rebuilding trust can be done in direct communications and engagement with customers, clients and partners. This can vary from daily update calls to sharing indicators of compromise, she says. “We have worked with clients that went on to update their crisis and cyber response frameworks and then demonstrated to partners how they would use this to rebuild trust.”
Metcalfe says it’s essential to communicate proactively when you talk to customers and partners. “Communicate regularly via email, social media, or other channels your target audience use, with timely updates on your progress in handling the situation.”
Planning is fundamental, says Will Richmond-Coggan, a partner at the law firm Freeths. “An incident response made up as you go along will never be as effective as one that has been carefully planned and thought through ahead of time.”
He recommends that organisations send a “prompt targeted notification to those affected” by the breach. “This can tell them what has happened and the implications, as well as detailing the steps put in place to safeguard affected information or mitigate against any risks.”
While this level of planning can be demanding, the boost in customer loyalty and confidence will more than make up for it, Richmond-Coggan says. “The reduction in threats to your reputation, such as regulatory intervention and legal claims, more than repays the effort.”