As high-profile cyberattacks continue with increasing frequency, one of the biggest challenges facing cybersecurity communications professionals in the next year is the speed at which companies will be forced to respond during a cyberattack. There has been a rapid acceleration of media coverage and public panic in response to the latest high-profile attacks, which will place increased pressure on communications teams to prepare, gather information and orchestrate a meaningful response without exacerbating the crisis at hand.
It’s no longer sufficient for communications professionals to simply monitor social media for keywords and hashtags or rely on law enforcement agencies for official statements. The responsibility of responding with information has shifted from external communicators to internal crisis managers and their teams. This shift has been happening over the past three years, but it will continue to accelerate in the next few years as we see more cyberattacks that cause widespread disruption within a community or industry.
All eyes are on communications professionals as they coordinate their teams to craft content that is transparent and accurate while also addressing the interests and privacy concerns of consumers, employees, shareholders and business partners. They must also help shape the organization’s message so that it resonates with a variety of people using different channels — and all within seconds.
As threats like ransomware become more sophisticated, communications experts need to anticipate the ways these threats will evolve — and prepare for them accordingly.
Here are seven predictions on what we will see in cyber communications in 2022:
- The best communications offense is a good defense: The proliferation of devices and channels — from mobile to voice, video, email and social media — has made customers more demanding in the way they want to be communicated with, and threat actors are using these same channels to monitor and possibly engage with customers. In 2022, communications teams will consider how to use communications tools, including social media, to gain insights into the motives, methods and vulnerabilities of threat actors, so they can better defend their organizations against them.
- Communications could be weaponized, and threat actors will be more brazen: We’ll see more communications leaks than ever before in the year ahead. Cyber communications leaders must act as if all communications to employees will be read by threat actors, and assume that threat actors will communicate directly with customers and other stakeholders in an effort to undermine the company’s position and further damage its reputation.
- Companies will invest in communications channel redundancy: Competitive pressures will drive companies to invest in redundancy, including backup communications tools and platforms that arm their teams with the ability to communicate when their primary platforms, such as email or instant messaging, are down during a cyberattack.
- Communications teams may be caught in the middle: Negotiations with threat actors will weigh heavily on communications teams, who will be torn between their conflicting responsibilities to be as transparent as possible with stakeholders while still managing their responsibility to protect the company’s reputation. In every cyberattack situation, communications leaders will need to be prepared to counsel the company C-suite on the pros and cons of paying ransoms, how to communicate news of the attack to key stakeholders and the public, and how to report details to law enforcement as needed.
- Cyber communications planning could become a requirement: Expect new regulations around communications management because cybersecurity incidents have become such a significant economic detriment both quantitatively and qualitatively. New requirements may focus on incident management processes, communication plans, metrics, documentation and reporting processes, and allocation of internal resources (including both personnel and budget).
- Cyber communications will become integrated: Truly effective cybersecurity communications programs will be integrated into an organization’s public relations plan as part of a broader approach to risk management and crisis communication. At present, cybersecurity communications is not yet widely accepted as a practice or discipline for many organizations, but that will change as demonstrated need increases and legal requirements emerge.
- Cyber communications will become a team sport: In 2022, we can expect more open communication surrounding cybersecurity, and increased collaboration between different communications operators and vendors. Users will increasingly demand greater use of digital tools for remote work, shopping, streaming and learning, which will increase their exposure to cyber threats, but will also create more opportunities to educate them about how to protect themselves from data breaches. Companies will spend more time educating networks of employees, customers and vendors on cybersecurity preparedness, and chief information officers will share post-breach information and playbooks with each other more readily, all in an effort to combat future attacks.
Cybersecurity is no longer just a technology issue; communications now play a central role in preparing for and responding to cyberattacks. As more companies face the reality that these events are inevitable, we expect more investment and attention to be paid to the communications function and its preparedness to respond to future breaches. It’s up to communicators now to make sure we’re ready for it.