Decoding Cyber Attacks: The Challenge and Its Importance

Sergey Nivens – stock.adobe.com


By Mikey Hoare, crisis expert, Kekst CNC

Published: 01 May 2025

Recently, M&S, the Co-op, and Harrods faced significant cyber attacks, disrupting operations across the UK. These incidents illustrate not just the chaos from cyber threats but also the communication hurdles companies must navigate with their customers. How organizations handle these tough conversations can make or break their reputation.

M&S has stepped up its communication game, engaging directly with customers and maintaining a proactive tone. However, these messages must align with the actual situation on the ground, which isn’t always straightforward—initial assumptions can turn out to be wrong.

Public reaction to cyber threats is evolving. People have become more aware and are quicker to suspect a cyber attack when disruptions occur. While many aren’t as worried about data loss as they once were, concerns about sensitive information remain high. Moreover, some individuals are increasingly litigious, which adds to the pressure.

Threat actors are also targeting employees and customers directly, trying to push companies into paying ransoms. This tactic can escalate fears, especially if the company has been slow to communicate. In this context, strong internal communication becomes vital. Monitoring media coverage is essential to grasp public sentiment and how your messages are being perceived.

Connecting with customers directly is another effective strategy. M&S has utilized Instagram well for this purpose. The challenge lies in synchronizing communications with the operational response and carefully managing expectations.

Some common missteps include:

  1. Overcommunicating too soon: The facts often evolve, and jumping ahead can lead to mixed messages. If you assure customers that their data is safe, only to find out it’s compromised, you risk losing their trust.

  2. Undercommunicating for too long: Not having all the details shouldn’t stop you from providing guidance on what to do amid disruptions.

  3. Mismatched tone: Companies often emphasize their swift responses or position themselves as victims. Customers might not see them that way, especially if their sensitive information is at stake.

  4. Ignoring the threat actors in communications: Cybercriminals pay attention to how incidents are reported. They may leverage media narratives to pressure organizations into ransoms.

Some companies handle these situations well, keeping all stakeholders informed and assured about their efforts to mitigate impacts. Regardless of size, companies must continually refine their communication strategies in the face of cyber incidents.

Mikey Hoare is a crisis expert at communications advisory firm Kekst CNC and former Director of National Security Communications for the UK Government.

Unlock your business potential with our expert guidance. Get in touch now!

silenced-gagged-secret-Michael-adobe.jpg

Post Office Criticized for Deleting Comments on IT Scandal from Social Media

Whitehouse-fotolia-scaled.jpg

When Leaders Overlook Cybersecurity Guidelines, the Entire System Suffers

Police-crime-2-adobe.jpg

Police Digital Service Board Director Resigns Months After CISO’s Departure

surveillance-CCTV-facial-recognition-Gorodenkoff-adobe.jpg

Essex Police Reveals ‘Incoherent’ Facial Recognition Evaluation

chatbot-1-fotolia.jpg

Podcast: RSA 2025 – Navigating AI Risks and the CISO’s Role

hybrid-cloud-storage-fotolia.jpg

Trump’s Visit Strengthens Saudi Arabia’s AI Initiatives

threat-management-fotolia.jpg

Security Tests Uncover Major Vulnerability in Government’s One Login Digital ID System