The nature of the modern digital ecosystem means the probability of an organization falling victim to a cyber-attack is high.
However, just because the organization has been hit by a cyber incident, that does not mean that the reputation of the business – or the emotional wellbeing of the staff – needs to suffer
There are steps which cybersecurity and business leaders can take to clearly communicate what has happened during an incident and outline the action being taken to restore services to normal, to both internal and external stakeholders.
Key to that, according to senior cybersecurity leaders who have hands-on experience with reacting to major cyber incidents, is to ensure that the business has a strategy playbook in place which leadership can apply in the worst-case scenario.
The advice was given at Infosecurity Europe 2026 on June 3, during a keynote session, titled ‘Crisis Communications – Contingency Plans to Put in Place Now.
What to Put in a Cybersecurity Crisis Playbook: What? Who? How?
Nicola Hudson, partner and global cyber practice co-lead at Brunswick, whose was preciously director of policy and communication at the National Cyber Security Centre (NCSC), noted that a great playbook is not a hundred pages long, but instead concise and focused on three key components.
“One: What type of crisis are you dealing with? Two: Who are you going to have in the room,” she said. “And three: Understand responsibilities and trust each other, everyone needs to know what they are doing, no second guessing or getting angst ridden when you are tired and four days in.”
These three pillars can help set the tone for the rest of the crisis. Dealing with a cybersecurity incident is difficult, but can be made harder because in addition to being a stressful, high-pressure situation, decisions have to be made, even if only small amounts of incomplete information is available.
Ashish Shrestha CEO of Zyn Global and former group CISO of Jaguar Land Rover (JLR) said, “Playbooks don’t fail because of technology, they fail because reality doesn’t follow a script.”
“In the war room, you have immense pressure building. The Information coming to you is not just changing in minutes, sometimes it’s contextless and in fragments. That is the leadership moment: how do you take those fragments of data and start correlating the next steps,” he added.
Managing People During a Technology Crisis Essential
Cybersecurity leaders must remember that dealing with a cybersecurity incident is not just a technical problem, humans and the communications strategy around people need to be managed too.
Who is involved in the response? Who is responsible for what tasks? Who has the authority to make decisions? An organization will have less challenging time dealing with the chaos of responding to an incident if it sets out the structure for this in advance. Especially around internal and external communication
“What survives is your process. Who is doing what? How ae you going to do it?” said Hudson.
“What doesn’t survive in communications is a playbook with every statement you want to do. You have no idea what’s going to happen or what the threat actor will do,” she explained, adding that this is particularly the case if the attacker is in the orgnaization’s network or trying to exert pressure with demands and threats.
“It’s a live crisis communications playbook and you are tweaking it as you go along,” Hudson added.
It is not just external communications and expectations management which cybersecurity and business leaders need to consider. Following an incident, they must also take care to manage the needs and anxieties around their own staff.
For Shrestha, that comes down to insisting that the cyber responders are given the downtime required to stay fresh when dealing with an attack.
“You need to understand how long people have been working. People get tired. Have you practiced that in your playbook? How will you document that,” he said.
“Make sure they eat well. Make your they have a hotel to stay in. Make sure they have time to go home! These are things you need to bake into your human side. We had a roster than said you are staying offline at this time,” Shrestha said, referring to dealing with the major incident involving JLR in 2025.
“It’s an ultra-marathon so you need resilience,” he added.
