* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Top 10 Best Practices for...

# Top 10 Best Practices for Cyberbreach Post-Crisis Communication

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ftop-10-best-practices-for-cyberbreach-post-crisis-communication%2F)  
[](https://twitter.com/share?text=Top+10+Best+Practices+for+Cyberbreach+Post-Crisis+Communication&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ftop-10-best-practices-for-cyberbreach-post-crisis-communication%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Ftop-10-best-practices-for-cyberbreach-post-crisis-communication%2F&title=Top+10+Best+Practices+for+Cyberbreach+Post-Crisis+Communication&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/top-10-best-practices-for-cyberbreach-post-crisis-communication/&ts=markdown)  
\[\](mailto:?subject=Top 10 Best Practices for Cyberbreach Post-Crisis Communication)  
Link copied  
By [Mark Brozek](https://www.paloaltonetworks.com/blog/author/mark-brozek/?ts=markdown "Posts by Mark Brozek")  
Nov 03, 2016  
4 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Incident Response](https://www.paloaltonetworks.com/blog/tag/incident-response/?ts=markdown)  
[incident response plan](https://www.paloaltonetworks.com/blog/tag/incident-response-plan/?ts=markdown)  
[SOAR](https://www.paloaltonetworks.com/blog/tag/soar/?lang=ja&ts=markdown)

According to an article appearing in AT\&T Cybersecurity Insights, 62 percent of all organizations surveyed admitted that they had suffered a breach in 2015. Furthermore, although 42 percent reported that the breach had a "significant negative impact" on their company, only 34 percent felt that they had an effective plan for responding to the incident. One critical element that is often lacking in an incident response plan is a clear strategy for communicating the cyberbreach with all parties requiring notification.

After a cyberattack, the following Top 10 best practices for managing your post-crisis communications can prove beneficial:

1. \*\*Silence is not golden after a cyberbreach.\*\*Organizations need to communicate quickly, but be wary of over-communicating. If necessary, issue a "hold statement" that conveys that the team is aware of the issue, is investigating the cyberbreach, and will provide more information as it becomes available.
2. \*\*Ad lib statements are not advisable.\*\*An effective incident response plan should include boilerplate prepared statements that have already been approved by stakeholders for use following a breach. Rely on these statements rather than off-the-cuff comments.
3. **Deliver communications in clear terms that avoid overly technical terms or industry jargon.** If the message lacks clarity, people might think the organization is hiding something. For similar reasons, avoid responding to questions with a terse "no comment".
4. **All communications should maintain the same voice.** This does not mean that only one person needs to handle all communications. It simply means that communications should deliver a consistent message and use a consistent tone.
5. **Focus on the people affected by the cyberbreach rather than the breached organization.** Breach notification should simply be a part of a customer relationship strategy, as well as a part of an incident response plan. Customers need to feel that the organization cares about the impact that the breach might have on them and that the organization will take care of their problems. Express concern for their inconvenience in a sincere manner without acknowledging any wrongdoing by the company.
6. **Do not overlook employees.** They need to be kept in the loop and provided with any guidance that they might need.
7. \*\*Have an effective means of communication.\*\*Consider dedicating a section on the existing website or creating a separate website where customers and the media can find current information. Organizations might consider using an intranet site for employees, vendors or others who already have access to the intranet.
8. **Take a proactive approach** to communicating the positive steps that the organization is taking to respond to the cyberbreach\*\*.\*\* Report on the recovery or corrective measures, as well as the progress of your investigation.
9. **Keep promises.** If an organization has promised employees that they will be provided with statements that they can use to respond to calls from customers, make sure to follow through. If a press conference has been promised at a specific time, ensure that the spokesperson is there. If customers have been promised additional information as soon as it is known, deliver it in a timely manner. Avoiding the press or your customers will only contribute to the suspicion that the company has something to hide.
10. **Maintain a comprehensive communication plan**. Last but not the least, the above points should be captured in a comprehensive communication plan which is available to all the stake holders inside the organization.

Cyberbreaches continue to occur at an ever-increasing rate. How a company handles communications after a breach can have a significant impact on public perception as well as customer relations. These communication best practices are critical for creating a positive perception about the company in time of crisis. It is also a must to have these processed documented and tracked to see if they are followed appropriately. Conducting mock exercise and analyzing the responses from different teams for these can help in being better prepared for when the real attack occurs.

This article was originally published on the Cyber Defense Magazine: [http://www.cyberdefensemagazine.com/newsletters/october-2016/index.html#p=52](http://www.cyberdefensemagazine.com/newsletters/october-2016/index.html#p=52)

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Think Like a Hacker --- What CISOs and Executives Should Know About Cyber Risk](https://www2.paloaltonetworks.com/blog/security-operations/think-like-a-hacker-what-cisos-and-executives-should-know-about-cyber-risk/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### 6 Questions You Must Ask for a Successful Incident Response](https://www2.paloaltonetworks.com/blog/security-operations/6-questions-you-must-ask-for-a-successful-incident-response/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### 5 Steps to an Effective Data Incident Response Program](https://www2.paloaltonetworks.com/blog/security-operations/5-steps-to-an-effective-data-incident-response-program/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Cortex XSOAR for Automated Ransomware Response](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xsoar-for-automated-ransomware-response/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)

[#### Introducing Automated Firewall Management and Incident Response](https://www2.paloaltonetworks.com/blog/security-operations/introducing-automated-firewall-management-and-incident-response/)

### [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Ten Security Orchestration Myths and Clarifications](https://www2.paloaltonetworks.com/blog/security-operations/ten-security-orchestration-myths-and-clarifications/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language