Cybersecurity Crises – A PR and Communications Perspective
The UK Information Commissioner’s Office (ICO) says, at the time of writing, that 66,845 incidents had been reported to it since 2019. Of these, 16,485 were considered to be a cyber breach or incident.
For the first time, Chambers Crisis & Risk Management features Global-wide rankings of PR & Communications firms that advise clients on the reputational consequences of cyber crises.
Sources speaking to us noted the continued threat of cyber incidents over the last twelve months, and anyone with a passing interest in the news will have seen significant events reported.
The UK Information Commissioner’s Office (ICO) says, at the time of writing, that 66,845 incidents had been reported to it since 2019. Of these, 16,485 were considered to be a cyber breach or incident, “an umbrella term describing a type of breach with a clear online or technological element which involves a third party with malicious intent. For example, incidents involving phishing or malware attacks.” In 2024, 3,116 cyber incidents were recorded by the ICO out of a total of 12,194 events, and the figures for the first quarter of 2025 record 3,081 events, of which 769 were cyber breaches.
Most obviously and recently, two major UK retailers were targeted by a ransomware attack. Marks & Spencer was hit hardest and was only able to restore a limited online service six weeks after the attack. The financial damage to the high street chain has been estimated at GPB25 million a week, but quite what the reputational damage will be is unclear.
It is no surprise, then, that businesses require a range of advisory services when dealing with cyber threats. There will be lawyers advising clients on the legal implications of any cyber calamity, and there will be technical cybersecurity experts helping to identify supposed or real threats and how they might be handled. As one cybersecurity expert observed: “Clients are more educated around the cyber element and the frequency of instructions has increased, pro-actively and pre-emptively.”
Alongside these there will often be PR and communications teams who help make sure that the public know what they need to know about an incident. At the same time, they protect the client’s reputation so that it lives to trade another day. As one communications expert put it to us: “There’s a lot going on and they need strategic advisers like us to help them.” Another said: “Cyber risk is a business risk, not just a technical risk. Having a strong culture about cybersecurity is important. In a breach scenario, you need the comms people to manage things internally and outside in the market”.
Ransomware attacks, including those against supply chains, remain, and will continue to be, a significant problem for businesses, and the associated “demands and payments also continued to climb” in 2024, according to lawyers at Freshfields in the US. Elsewhere, the increased frequency of zero-day vulnerabilities has been observed. In such circumstances, affected companies’ reputations take a beating, with the media and public rushing to draw their own conclusions. PR and communications experts can help businesses to mitigate this risk. “Ransomware still remains a top threat, and it affects every company everywhere. Attacks are still up, and organisations are still worried about handling things and making headlines,” said a public relations professional.
Chambers Crisis & Risk Management includes rankings of the best crisis management professionals globally.