The Evolution of Crisis Response

Cyberattacks can surface without warning. At one organization I worked with, a hacking group quietly posted a YouTube video announcing plans to target us. It sat unnoticed for several days, until it appeared in our daily coverage alerts. Valuable time was already lost.

We had a strong crisis communications plan. We drilled leadership regularly and had weathered multiple crises before. But this one was different. We were not ready.

This was a new type of crisis. One that moved faster than our protocols, targeted our IT systems and online reputation, and blurred the lines between digital and reputational risk. Our systems may have already been compromised by the time we discovered the threat.

Fast forward to 2025, and these attacks are no longer rare; they are routine. A notable example occurred in April when Marks & Spencer suffered a major ransomware attack. The breach disrupted countless store operations, from contactless and Click‑and‑Collect services to online ordering. It resulted in an estimated £1 billion loss and compromised customer data.

In an era when data, trust, and operations are deeply intertwined, managing this kind of cyber crisis requires a new mindset. Here’s what we learned, then and now, about navigating a fast-moving digital attack:

Activate a crisis team immediately.
Within 24 hours of discovering the threat, we formed a cross-functional crisis team led by a dedicated Chair appointed by the CEO. This empowered group could make decisions in real-time, without waiting for full board or leadership consensus.

Study similar attacks.
We researched the hacker group, their past targets, and how others had responded. This gave us critical context, allowing us to anticipate their tactics and tailor our messaging and response.

Redesign your crisis plan for digital-first threats.
Our original crisis plan did not account for compromised communications channels. We had to rapidly build alternate ways to reach our audiences, including temporary websites, secure email systems, and new social media accounts in case of a takeover.

Bring in cybersecurity experts early.
Consulting professionals helped us assess the threat, understand the attackers’ likely objectives, and prioritize our actions. Their technical insight was essential in shaping a credible and measured response.

Keep staff informed, every day.
Daily email updates from the crisis team helped calm fears, align messaging, and maintain staff morale. Silence breeds rumors, which in turn can leak externally and damage credibility even further.

Looking Ahead
The Marks & Spencer breach reminds us that no sector is immune. Whether you are a nonprofit, a retail giant, or a multinational corporation, digital threats are now a core reputational risk. Your organization’s response must be fast, transparent, and cross-functional.

If you have not revisited your crisis communications plan recently, now is the time to do it. Not just to prepare but also to protect what matters most: trust.
