Scroll Top

Five Guidelines for Internal Communications During a Cyberattack

Five Guidelines for Internal Communications During a Cyberattack
0
By PoliteMail Best Practices for Internal Communications Crisis Communications Data Privacy February 4, 2026

An image of a lighthouse shining it's light in a storm with a laptop and smartphone in the foregroundZero trust frameworks and the role of internal comms

According to IBM, the average data breach cost $4.45 million in 2023, a 15% increase over three years. As cyberattacks become more sophisticated, organizations are adopting zero-trust security frameworks, also called zero-trust architecture (ZTA), and federal privacy regulations are growing.

As organizations invest in tighter security measures — like zero trust architecture (ZTA), which assumes no connection is trustworthy until verified — one critical element is often overlooked: how to communicate with employees during a cyberattack or data breach. In this article, we review the role of internal and employee communications teams if a cyberattack or breach occurs. What do employees need to know? And how can you keep them informed?

Pre-cyberattack steps: Building your crisis response and communications plan

As corporations continue to push forward with their digital transformations, Gartner reports that only 48% of digital initiatives enterprise-wide meet or exceed their business outcome. Governance involves controls and risk management, preparation, and response planning. It’s essential to include corporate and employee communications in those plans.

Establishing a clearly defined crisis response team is a critical step in preparing for a cyberattack or data breach. This team should be cross-functional, bringing together senior leadership, internal communications, HR, legal, IT and information security, and other business leaders as needed. Each member should understand their role before a crisis occurs, enabling faster decision-making and more coordinated action when an incident unfolds. A well-prepared crisis response team ensures that technical response efforts and employee communications stay aligned during high-pressure situations.

You want a generalized crisis communications plan and may want to craft more detailed plans for anticipated crises, including cyberattacks and data breaches. While your public relations and marketing teams may be responsible for the external stakeholder communications, internal comms, and HR should create employee comms plans, and someone must communicate with the crisis team.

More extensive plans can include message drafts for the most common cyberattack and data breach scenarios, including denial of service and ransomware attacks, email leaks, and customer or employee data breaches. Planning should include comprehensive and up-to-date lists of employees and stakeholders and contact info for your primary and backup channels. These include a corporate email address, an alternative address, a cell phone or home phone number, and a physical mailing address. Plans should consider that your primary digital communications channels may not be available or functioning during a cyberattack.

When a crisis hits, your message matters most.

Best practices for preparing, managing, and measuring internal crisis communications.

Learn More
Whitepaper - Crafting the Perfect Crisis Communications Plan

5 guidelines for effective crisis communications

  1. What do you know? Establish the facts.

    When a crisis emerges, the first step is to gather as much of the response team as possible, evaluate the situation, and implement the response plans. The current facts of the problem must be assessed, including the nature and scope of the attack or breach, who and what are currently affected, anticipated situational changes, and the timing of situational updates.

  2. Communicate with your employees first.

    Early employee communication reduces misinformation, reputational risk, and unintentional data leaks caused by confusion or fear. Employees should never learn about an attack or breach from the media, external sources, or office gossip. Instead, a message from leadership to employees about the incident should be provided early, with advice on what they should do or not do. Proactively communicating with employees will prevent confusion and mistrust. As your tech and engineering teams work to secure the situation, the comms team must provide employees with the what, why, and when as soon as the information is available. According to the Federal Trade Commission (FTC), in deciding who to notify and how, an organization should consider state laws, the nature of the compromise, the type of information taken, the likelihood of misuse, and the potential damage if the data is misused.

  3. Be transparent as possible.

    Share what happened as clearly as possible and give employees specific instructions on what they should and should not do to protect themselves and the organization. This may include guidance on system access, password changes, confidentiality, and external communications. In some cases, the Federal Trade Commission (FTC) recommends coordinating with law enforcement on the timing of employee notifications to avoid interfering with investigations.

    When the full scope of a cyberattack or data breach is still emerging, be transparent about what is known, what is under review, and the actions being taken. For example, you may say, “While we are actively investigating, our immediate priority is to ensure the security of our systems and protect your personal information.” Communications should be honest, empathetic, and comforting when possible, but not at the expense of misleading or sugarcoating the situation.

  4. Provide frequent updates.

    Cyberattacks and data breaches will likely be stressful to employees, especially if their health or financial information may be at risk. Keeping communication lines open is essential in alleviating uncertainty. Even if no significant developments occur, regular updates can reassure employees that the company is actively working to resolve the issue. Silence can lead to unnecessary speculation and fears.

  5. Empower managers to assist.

    Employees often trust their direct managers the most. Many crisis communication plans include direct communications with mid- and lower-level managers. Empower your managers to cascade information to their teams by providing talking points, guidance, and a channel for sharing questions with senior leadership. This decentralized approach ensures that information flows smoothly throughout the organization. Managers don’t need to speculate or answer everything. They need clear talking points and a path to escalate questions.

Communications are Critical

While a strong security posture and small attack surface are essential, communications plays a critical role in preventing and responding to cyberattacks or data breaches. By establishing a proactive crisis communications plan that involves key stakeholders, promptly communicating with employees, maintaining transparency to the extent possible, sharing frequent updates, and empowering managers, your organization can mitigate the risks and impacts of such events and foster more trust with managers and employees. Effective internal communication during a cyberattack isn’t just crisis response; it’s a trust-building function that directly impacts business continuity and long-term credibility.

Learn how to present data effectively to stakeholders and secure leadership support.

Free executive dashboard template to
help get you started!

Learn More
Image of Whitepaper for Presenting Data to Leadership
PoliteMail / About Author
More posts by PoliteMail

Leave a comment

You must be logged in to post a comment.