The Rising Importance of Cybersecurity Communications

Published on October 14, 2024, at 4:10 p.m.

By Christina Hunt.

Being prepared for cybersecurity attacks has been a crucial part of a business since the advent of the internet in the 1970s, but now more than ever, businesses must be prepared in the event of a cybersecurity attack.

In the last several years, we have seen an enormous spike in the number of cyberattacks in businesses. As our world becomes increasingly reliant on digital platforms, businesses become more vulnerable to cybersecurity attacks. From 2017 to 2022, the number of health care data records compromised in the United States skyrocketed from 5.3 million to 51.4 million. Additionally, there was a 72% increase in data breaches from 2021 to 2023, which held the previous all-time record.

To ensure consumer trust, cybersecurity should be at the top of the agendas for businesses today.

A cybersecurity attack occurs when there is a deliberate exploitation of a business’s systems network and/or data. Email is the most common course for malware with about 35% of malware delivered through email in 2023.

Crisis management and consistent communication
Companies must have strategies and procedures in place before a crisis even occurs. To properly communicate with the public, public relations teams need to assess the situation, causes, consequences and potential solutions.

In the event of a cybersecurity attack, it is crucial for PR teams to take rapid action and inform all affected individuals. Without taking immediate response actions, the number of people affected usually increases, resulting in more damage. PR professionals should acknowledge the issue and ensure anyone looking for information on the issue can find a trustworthy answer.

Reputation management and damage control
It is also essential for PR professionals to mitigate reputational damage and work proactively to protect the organization’s image. Carefully wording messages, leveraging channels to disseminate accurate information and coordinating media responses are very important practices in crisis situations. PR teams play a vital role in managing cybersecurity attacks, especially in minimizing reputational damage and managing and ensuring trust.

Employee training and awareness
Julie Catron, VP of marketing at Prediction Health, said, “The No. 1 way cybersecurity risks manifest in any organization is with its employees.” Cyber criminals will send fraudulent emails that often seem legitimate, acting as someone in the organization, asking for personal details or access to files. Hence, one of the most important steps to protect your company from cyberattacks is training employees on attack prevention and ensuring their awareness.

It only takes one person to click a malicious link in an email, creating vulnerability for a cyber attacker to gain access that can disrupt or disable an entire organization.

“The stakes are high and highest in health care, where disruption can mean patients don’t get care,” Catron said. “While IT and cybersecurity teams are critical, cybersecurity responsibility falls on the shoulders of every single person in an organization.”

Internal communication
To properly educate and prepare employees if a cybersecurity attack were to occur, internal communication in an organization is huge. “This type of communication goes far beyond checking the Health Insurance Portability and Accountability Act (HIPAA) and cybersecurity box every year for compliance,” Catron stated.

All employees must understand their roles in cybersecurity, how to protect data, and the potential impact on the organization, their jobs and customers if a cyber attacker successfully exploits a weakness in the system. It is indispensable for employees to be able to identify attempts, notify the right parties and avoid a catastrophe by knowing the normal modes of communication within their company, what to look for and whom to tell.

It is not only essential for organizations to be prepared and have a plan but to also practice it. Practicing the plan is key to being prepared because what may seem like an obvious course of action won’t come to you in the event of a crisis. Therefore, all parts of an incident response plan must be rehearsed in a simulated cybersecurity attack and the chaos that comes with it.

In February of 2024, Optum, a company within the UnitedHealth Group, experienced a cybersecurity attack. This cyberattack was the most serious of its kind leveled against a United States health care organization. Optum Product Marketing Specialist Nicole Hunt said, “As an employee working directly with the impacted products, this situation was very serious with financial and patient information being at risk.”

Transparency and credibility
In response to the attack, Optum immediately informed all customers and employees through online messaging on UnitedHealth Group’s website. The company also established a call center for the impacted individuals and updated its website with details and information regarding the cybersecurity attack. In addition, Optum informed the public that its staff were communicating with regulators and law enforcement about the breach. Through these consistent and constant updates, the company kept excellent communication with its customers and employees to ensure trust during this situation.

“Optum protected their employees by doing continuous assessments, enhanced endpoint detections and responses, and thorough employee training,” Hunt said.

The company’s rapid response to immediately disconnect with the Change Healthcare systems ensured that its OptumRx, United Healthcare and UnitedHealth Group’s systems were unaffected and prevented any further damage. Additionally, the company sent a letter to all pharmacy partners with clear guidance on how to handle the attack.

“To prevent potential cybersecurity attacks and ensure preparedness going forward, Optum has and will continue to take preventive measures,” Hunt said. “It is working with experts to monitor and analyze all data and have offered support and protection to all company stakeholders.”

In an era where cyber threats are very present, businesses must remain vigilant and proactive. With cybersecurity, preparedness is the best defense to protect a company’s systems, data and reputation.