The main objective of communicating around a cyber incident is to protect the company by protecting its reputation. This means working to preserve trust and credibility by effectively sharing information in a clear, consistent and reliable way across a series of audiences, both internal and external.
Navigating through an incident is challenging enough, but keeping this objective at the center of all your communication decisions, increases the odds that you’ll come out the other side with a customer base that’s still intact and a business that’s still viable.
If you ignore the importance of reputation management or you wall it off from the rest of your incident response planning, then the rest of your response effort can be rendered moot by the new reality of a diminished customer base. After all, what good are clean, restored networks when no one trusts you enough to continue using them?