Skip to content
8 min read

Creating an Incident Outreach Plan


Your company just got hacked. Sensitive information was stolen, and you need to respond quickly. Waiting too long to address the issue could have a long-lasting effect on your business.

If you don’t have an incident response plan in place, you could already be a step behind. The key to successfully getting through a cyber security incident is swift, strong action coupled with open, honest communication. After all, your customers have a relationship with your product, your people and your company that is built on trust.

To help you keep this trust after an incident of any kind, here are 6 tips for creating and executing an effective incident outreach plan.

1. Plan out your coordination with external parties

It’s fairly easy to tell your employees what happened. They already have certain credentials and access to certain pieces of sensitive information. Coordinating with external parties is the more difficult part of this process, since you have that extra step of figuring out what you should and shouldn’t tell them.

When you put together your external plan of action, identify and map out all parties that would be involved. Some examples include service providers, other team members, customers, and possibly law enforcement agencies. When all parties know their roles, you have already established efficient lines of communication to use when you need them.

2. Consult with legal before starting this external dialogue

This may seem like an obvious step, but it is overlooked far too often. While it’s essential to plan out your execution strategy with all external stakeholders, it’s even more essential to make sure you’re legally protected while doing so. You may come to find that additional contracts or agreements are needed before certain discussions can take place.

3. Determine which information should and should not be shared

The National Institute of Standards and Technology urges companies to “balance the benefits of information sharing with the drawbacks of sharing sensitive information”. They say that, “ideally, organizations should share the necessary information and only the necessary information with the appropriate parties. Business impact information is often shared in a team-to-coordinating team relationship, while technical information is often shared within all types of coordination relationships. When sharing information with peer and partner organizations, incident response teams should focus on exchanging technical information.”

While it may seem simple, this can sometimes be the most difficult part of the process. You know you want to be open and honest with your stakeholders and customers, but there is a fine line between over-sharing and not sharing enough. Each time you walk that line you can move in a different direction, but establishing a baseline of information that you simply cannot divulge will help your team build a customized plan for every incident. Your response will therefore always be within guidelines, and it will not include critical information that could damage your business any further.

4. Share information throughout the response life cycle – don’t wait until the end

Going back to trust - customers, investors, board members and anyone involved with the company, don’t want to find out about a breach from a third party. Open, honest communication with your stakeholders and customers will get you through the weeds when done correctly. Clearly, companies have data types or or an IP that they should not share with the public. And that’s okay. But, if you want to keep everyone’s trust, you need to determine which information should be shared, and get it out there.

5. Try to automate parts of the information gathering and sharing process

Help prepare your internal team for outreach. Pull customer lists, use LinkSquares to review legal contracts, draft template messages, and arm your response team with a baseline of resources to call upon when it’s time. These pre-approved emails, lists, and other forms of communication will speed up your information sharing process and help your organization get ahead of the negative PR stemming from the attack.

6. Share the appropriate information with the public

Make sure all employees understand that questions should be directed towards the trained PR team member. This person will be prepared to handle difficult questions and will always look to shed positive light on your company even in the midst of a bad situation. When you have too many delegates speaking on behalf of your company, certain messages can get misconstrued or lost in translation. There should be only a couple spokespeople for this type of situation so your company can ensure that they maintain the same positive stance and messaging throughout the process. This is typically the CEO and the PR team lead.

Any type of incident within a company such as security attacks, legal problems, or issues with employees are never fun. Still these things do happen to even the best of companies. If you are prepared, and ready before it happens, you will stand a chance to come out on the other side with less damage and long term problems. Give yourself a chance and start implementing an incident outreach plan today!

Chris Combs is the co-founder and SVP of Business Development at LinkSquares.