Do you have an incident response plan? Does it include communication?
In Leigh’s experience, “many organizations overlook one critical component to the plan – preparing to communicate with stakeholders in the event of a live incident. This is good practice not only for the sake of being able to focus on communicating versus pausing to think about what you want to communicate during a live breach, but it also shows good faith governance to important stakeholders, such as Boards of Directors.”
Getting it right takes coordination between security, legal, HR, IT, and other partners. Common for these functions to operate in silos drives the need to have a plan in place. A plan that is clear, mutually understood, and followed.
Make sure the plan covers how to communicate with core stakeholders in addition to a clear approach for public statements. Build the program you need before a breach happens.