3 Steps Every Business Should Take After A Cyber Attack

Tuesday, October 10 2017 Reinhard Cate Content Marketing Manager Categories:

Cyber attacks and data breaches on American companies seem to be increasing every day. A long list of suspects, from foreign governments to individual hackers, have been targeting companies across every industry. The damage done to a company’s reputation in the immediate term is painfully obvious. However, what about the long-term effects? We analyzed the beliefs about hacking and data breaches and found lingering negative beliefs about brands who were hacked remains months, even years, after the attack.


To help companies concerned about being attacked or who have been past victims, we’ve leveraged the narrative landscape around cyber attacks to create three steps businesses can take to repair brand reputation in the short and the long term.


Step 1: Admit the Issue

Be honest with the public and do it quickly. In the event of a cyber attack or data breach, it’s critical to address the issue immediately because your company has become a victim. You did not commit a crime. It’s important to attach to neutral narratives about cyber attacks and avoid negative narratives.


Beliefs about cyber attacks are obviously very negative, with 42% of the conversation about cyber attacks dominated by negative narratives. However, there is light at the end of the tunnel. In a sign that the public has become increasingly used to these attacks, neutral narratives about cyber attacks and data breaches have become more prevalent making up some 43% of the conversation. Positive narratives make up the last 15%.



Attach to the neutral narrative in the landscape, A New Abnormal which captures the belief that cyber attacks will not stop and that businesses are going to continue to be targets. Acknowledging that your company exists in a moment where everyone is at risk, lessons the impact and damage to your brand. Yet it’s critical to also ensure that the weakness or issue that allowed the data breach is fixed and also publicly addressed.


With that being said your company may be swamped in the negative narratives that make up the cyber attack conversation. These beliefs focus on the detrimental effects cyber attacks and data breaches have on businesses. The largest narrative, State Actors 32%, captures the belief that involvement of sovereign nations like Russia, China, and North Korea in major cyber attacks creates an even greater threat for private businesses. Loss of Trust and Dollars 5% and Small Business Killer 5% both focus on the aftermath in the wake of a business hack. The former describes the belief that a company that has been hacked not only loses customer trust but also revenue, while the latter captures the belief that any hack can completely wipe out a small company.


Step 2: Collaborate with Authorities

Following a cyber attack or data breach it is critical to work with Federal Investigators such as the FBI who are working to find the culprits. Communicating to the public that your company or business is working with the proper authorities is a critical step in crisis mitigation and can also leverage the power of positive narratives.


Transparency about partnering with law enforcement taps into the beliefs about cyber attacks, specifically the neutral narrative Defend the Network Together. This narrative captures the belief that the private and public sectors must join forces and share information to stop cyber criminals. Companies should attach to this narrative via their communication strategy immediately following an attack. This reinforces the idea of working to prevent this from happening to others.


The company signatures, (perceived brand associations with narratives in the overall dialogue), hint at a larger issue for the brands that fall victim to cyber attacks or data breaches. Several companies who have suffered from data breaches and cyber attacks continue to be associated with negative narratives.



Sony fell victim to a major data breach in 2014, yet they still have a major presence in the conversation. They serve as a reference point in the neutral narrative A New Abnormal, but also in the negative narrative Loss of Trust and Dollars. This should be a warning for the other recent hacking victims like Chipotle, HBO, and Equifax, as to the lingering beliefs associated with breaches.


Step 3: Be Proactive

Immediately following a cyber attack, companies should start to be pro-active in their communications with customers and the public. They should proactively communicate plans for preventing future attacks on their business or organization as early as the day they’ve become a victim. Implementing reform, education, and technical upgrades to protect data, employees, and customers from cyber attacks is crucial. It’s equally as important to detail in communication strategy the steps being taken to mitigate damage and prevent future attacks.


The largest positive narrative we found, Eliminate Vulnerabilities, focuses on the steps companies take to prevent attacks, including training employees, using new technology like AI, and purchasing cyber attack insurance. By attaching to this public belief, any company or organization can begin to sway the negative perceptions of a brand.


The conversation about cyber attacks and data breaches is incredibly event-driven. Each new attack on a company often resurfaces discussion about previous incidents comparing scope and impact. For companies who are targeted, this should be a major red flag, as each new event can become a negative reminder to customers about how your brand was hacked.


Over the last year, both the negative and neutral conversations have increased dramatically. These were driven by several catalytic events and by the narratives State ActorsLoss of Trust and Dollars, and A New Abnormal.



Major hacking incidents targeting the Democratic National Committee, Presidential Candidate Hillary Clinton, and numerous global ransomware attacks in 2017 drove conversation. Despite Sony’s hacking at the hands of North Korean agents more than two years ago, the company serves as an ongoing reference point for the impact of cyber attacks on businesses. Major incidents with Chipotle and Equifax also spurred large spikes in the negative narrative Loss of Trust and Dollars.


If we look at sentiment around brands who have fallen victim to attacks from the negative narratives Loss of Trust and Dollars and State Actors, we find a continuation of the story seen in our signature analysis. Overall, the conversation is largely negative, which can be seen by the average sentiment represented by the red line on the graph below.



However, dips in sentiment around companies who were previously hacked occur when a new company becomes a victim. Sentiment around Sony dipped in January during the news of Russian hacking attempts in the U.S. Presidential race, again in April when Chipotle was hacked, in July when HBO became a victim, and then finally in September when Equifax was in the news. Similar trends occurred with HBO and Chipotle in the months following their cyber attacks.


In behavioral economics, this phenomena about public beliefs on an issue is referred to as an “availability cascade”, where public concern increases exponentially over time thanks to repeated press coverage of it, often to a boiling point. Nobel Prize winning economist and New York Times best-selling author, Daniel Kahneman in his book Thinking, Fast, and Slow points to “availability bias” as the root cause; where individuals in society’s “expectations about the frequency of events are distorted by the prevalence and emotional intensity of the messages to which we are exposed.”


It’s incredibly difficult to navigate and rebuild post crisis when each new story of a cyber attack can revive and stoke the public’s availability bias. Every subsequent attack can fuel negative beliefs about the companies who were themselves past victims even if the incident occurred years prior. Therefore, it’s critical to leverage positive narratives to counter availability bias, and pad your marketing budget to do so if you’ve been attacked.


The narrative Eliminate Vulnerabilities is the perfect positive narrative for companies to attach to in their communication strategy. By simply sharing the steps taken to protect data and customers’ information, companies can tap into a critical belief about taking proactive steps for security.


Whether it’s company programs to teach employees, changes in policy to minimize risk, or utilizing new technology like artificial intelligence to detect potential breaches, sharing these strategies can fuel positive beliefs and ultimately protect and repair a brand not just in the days, but in the months, and even years after a cyber attack.


Behind the Analysis

We used the Protagonist platform to surface, classify, and quantify underlying, deeply-held beliefs, called narratives, from content in social media, reviews, blogs, and articles about corporate cyberattacks and data breaches over the last year. The platform’s combination of computational linguistics and natural language processing together with narrative analytics provides an avenue to understand the underlying beliefs present in online discourse.


The advantage of Narrative Analytics is that it can access and analyze more data than traditional market research and provide clearer, more actionable insights than those derived from social listening or media monitoring. Better understanding of what drives your customers means a better data-foundation for engagement. Modern marketers are using narrative analytics to optimize strategy, communications and ultimately, revenue.