When Cybersecurity Crises Cross Borders: Effective Cross-Cultural Communication is Key
In today’s interconnected world, the insidious threat of a cybersecurity attack knows no boundaries. With organizations operating across multiple countries and regions, the risk of a cybersecurity incident transcending national borders is inevitable. It is imperative for communicators and business leaders to understand the unique challenges and considerations involved in navigating cross-border cyber incidents, and how to leverage international teams to effectively respond to an incident. Most notably, they must understand the necessity of being nimble and flexible, while keeping up with unique cultural considerations amid the constantly evolving cybersecurity attack landscape.
Gleaning from our own cross-border cyber incident response experience, here are four crucial considerations that we feel should underpin any multi-national organization’s response and communications strategy:
Meet cultural differences head-on
When assembling an international team, it is paramount that cultural nuances are acknowledged, discussed, and embraced. Cultural differences can significantly impact communication styles, decision-making processes, and stakeholder perception. By respecting differences and compromising where needed, communications professionals can help lead on fostering trust and collaboration among cross-border and cross-functional teams, enhancing the efficiency and effectiveness of the response efforts.
It is crucial for crisis managers to be mindful of the cultural nuances and how these factors can impact the way people communicate, use language, and receive feedback—particularly when navigating the pace and intensity of a cybersecurity incident.
When handling a cross-border matter, it is also important to be conscious of the culture where the organization is primarily established. For example, the ways in which Latin American culture shapes the level of involvement from decision makers during a time of crisis.
Define clear lines and preferences of communication from the onset of an incident
In the chaos of a cybersecurity crisis, effective communication with various business units, internal and external advisors, and the senior executive team is crucial to deploying effective crisis response efforts and developing the supplementary materials. It is therefore important that communication guidelines are established collaboratively to ensure consistency, transparency and efficiency, especially when handing off work across time-zones and regions.
Examples of communication protocols:
- Selecting a preferred platform for communication – such as WhatsApp, WeChat, Microsoft Teams, Slack, etc.
- Setting the level of responsiveness expected among team members
- Establishing how the team will primarily make and discuss key decisions, such as via call or through the designated teams chat, and what handover practices will be utilized for information sharing across regions or time zones
There is a great deal of value in having consistent communication handover practices when implementing a follow-the-sun model – a 24-hour incident response monitoring process used when navigating time zone differences during a cross-border crisis. Even though within each region information sharing practices and styles may differ, a standard must be agreed upon and implemented to ensure effective cross-regional information sharing.
Understand that legal, regulatory, and media landscape may differ per region
Various geographies around the world have adopted some form of data protection and privacy laws. However, some countries have different requirements when it comes to disclosing a cybersecurity event to law enforcement and notifying impacted individuals. When a country or region lacks clarity or formal guidance on legal or regulatory disclosure obligations, organizations should lean into widely recognized best practices, such as notifying impacted parties in a timely manner. These regulatory differences also underscore the importance of relying on local legal counsel when navigating different legal or regulatory environments.
Being mindful of the media landscape of the region is also fundamental when developing a media response and outreach strategy. It is important to consider key factors at play including the presence of state-owned media, how localized the media is, and the behavioral patterns of reporters. Having local experts on board is an invaluable asset that will enhance the team’s ability to navigate the complex media landscapes.
Embrace cross-border differences in cybersecurity awareness, incident response and preparedness
While some countries have more advanced understanding of cybersecurity, often evidenced by stronger protection protocols in place, others may be less educated and there under prepared to handle such crises. Despite the jurisdictional differences in regulatory requirement and enforcement, companies need to understand that, commonly, if the cybersecurity crisis topic is not prevalently discussed in publicly accessible media, reactions to these issues tend to be more frantic. Thus, the communications strategy has to be tailored to the level of awareness and understanding by the organization, the target audience and the environment in which the organization operates. For instance, a single organization navigating a cybersecurity crisis that impacted its operations in EMEA and APAC simultaneously must adapt region-specific strategy to meet the moment.
At FTI Consulting, we understand and embrace cultural differences when working across borders – resulting in sophisticated collaborations that deliver favorable results for clients navigating high-stakes and intensely stressful situations. The global nature of our cybersecurity crisis communications team positions us to undertake complex cross-border mandates and affords us continuous opportunities to further develop and enhance the capabilities of our team. The above insights on effective communication during cross-border, cross-cultural cybersecurity incidents are derived from years of firsthand experience. You can find our cybersecurity communications experts in major cities around the world, including a strong presence in the Americas, APAC, and EMEA regions. Learn more about our Cybersecurity & Data Privacy crisis communications practice here.
Related Expertise
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals.
FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political and regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2025 FTI Consulting, Inc.
All rights reserved. fticonsulting.com
