Stakeholder Management in Crises

During critical security incidents, effective stakeholder management is as important as the technical response. Clear, transparent, and timely communication maintains trust and enables informed decision-making at every organizational level.

Identifying Stakeholders

C-Level and Board: Informed about business impact, financial risks, and reputational risks. They need an overview and strategic options.

Technical Team: Kept aware of the scope, progress, and challenges of the response. Technical feedback is crucial for decisions.

Legal and Compliance: Assess legal, regulatory, and contractual implications. They advise on notifications and evidence preservation.

Communications/PR: Manage external communication, press releases, and monitor public perception.

Customers and Partners: Informed about service disruptions, data risks, and protective measures.

Employees: Kept aware of the situation, security measures, and how to contribute to the response.

Communication Channels

Executive Meetings: Regular updates for C-level and the board with an incident summary, impact, progress, and next steps.

Status Reports: Concise, frequent documents (daily or hourly) to keep stakeholders informed.

Emergency Alerts: Direct channels (SMS, email) to notify critical stakeholders about urgent events.

Intranet/Internal Announcements: To keep employees informed and prevent rumors.

FAQ and Help Desk: To answer questions from customers and partners consistently.

Communication Content

Transparency: Being honest about what is known and what is not known. Avoid minimizing or exaggerating the situation.

Clarity: Use simple language and avoid technical jargon. Adapt communication to the stakeholder's level of knowledge.

Consistency: Ensure that all communications are aligned and coordinated to avoid confusion.

Empathy: Acknowledge the impact of the incident on stakeholders and express genuine concern.

Actions: Describe the measures being taken to contain the incident, protect data, and restore services.

Next Steps: Communicate what to expect and when to expect new updates.

Managing Expectations

Realism: Avoid unrealistic promises about resolution time or data recovery.

Prioritization: Explain how prioritization decisions are being made and why.

Trade-offs: Acknowledge that there may be trade-offs between speed, cost, and security.

Uncertainty: Admit that not everything can be predicted and that the situation may change.

Board Communication

Frequency: Keep the board informed regularly, especially during critical incidents.

Format: Present information concisely and visually, with charts and executive summaries.

Options: Present different response options with pros and cons to enable informed decision-making.

Risks: Alert about potential risks and financial, legal, and reputational implications.

External Communication

Coordination: Centralize all external communications through a designated spokesperson.

Transparency: Be transparent about the incident, but avoid disclosing confidential information.

Proactivity: Reach out to affected customers and partners before they reach out to you.

Monitoring: Monitor social media and the press to identify and respond to rumors or incorrect information.

Lessons Learned

Feedback: Request feedback from stakeholders about communication during the incident.

Improvements: Identify areas where communication can be improved in future incidents.

Documentation: Document all communications and decisions made during the incident.

Practical Example

Ransomware on the Network: Imagine a ransomware attack that encrypts critical servers.

C-Level: Informed immediately about the potential impact on the business and the need to activate the response plan.

Technical Staff: Receive alerts to isolate systems, start forensic analysis, and look for backups.

Customers: Notified about possible service unavailability and the security measures taken.

Internal: Employees advised not to open suspicious emails and to strengthen passwords.

Board: Presentation with the scenario, options (pay the ransom vs. restore backups), and the risks of each decision.

Communication Checklist

Identify: Who are the key stakeholders?

Define: Which channels to use for each group?

Prepare: Clear and concise messages.

Communicate: Be transparent and proactive.

Monitor: Public perception and respond to rumors.

Learn: From feedback to improve.

Supporting Tools

Alerting Platforms: Mass notification systems (SMS, email) for rapid alerts.

Help Desk Software: To manage customer questions and provide consistent responses.

Media Monitoring Tools: To track mentions of the company and the incident on social media and in the press.

Communication Templates: Pre-approved templates for different incident scenarios.

Final Recommendations

Effective stakeholder management during crises requires advance preparation, structured communication, and transparency balanced with confidentiality. Well-managed stakeholders become allies in the response, while poorly informed stakeholders can amplify damage through speculation and loss of trust.