Why a Communications Team Cannot Go It Alone in a Cybersecurity Crisis: The case for hiring cybersecurity crisis communications specialists
When an organisation becomes aware of a potential cybersecurity event, their leadership teams are often quick to engage a number of outside advisors within the first 24 hours: their outside counsel who specialises in cybersecurity incident response and breach notification laws; technical experts experienced in remediation, recovery and forensics investigations; and ransom negotiators trained in how to effectively dialogue with various threat actor groups.
So then why do some victim companies wait to engage cybersecurity crisis communications advisors far later in the incident response process, or sometimes not at all?
The short and most logical answer is that cybersecurity crises are simply a lot more common than they used to be – so some victim organisations feel more comfortable “going it alone.” These incidents have gone from being black swan events to normal course disruptions in today’s day and age. And, most companies have templates, various plans in place, and are in fact fairly well resourced when it comes to their internal communications and marketing teams, who are adept at handling the types of crises most synonymous with their respective industries. Another reason victims wait to bring in cybersecurity crisis communications advisors
far later in the game is that they do not think they have “communications issue” until the first media inquiry rolls in.
However, tapping into outside perspective from crisis communications specialists, who are well-versed in the cybersecurity threat landscape and know the rhythm of the incident response process, is key to maintaining stakeholder trust in the short term and protecting reputation over the long term. In-house professionals may see one cyber crisis over the course of their entire career – cyber crisis communicators see one (or more) every day. Most importantly, because cyber-attacks are at an all-time high, organisations are rarely criticised for just having experienced one but they are scrutinised for how they respond to it.
Companies should consider the following points when weighing the decision to hire cybersecurity crisis communications specialists to supplement corporate communications and PR teams.
Related Solutions
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals.
FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political and regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2025 FTI Consulting, Inc.
All rights reserved. fticonsulting.com
