How Brands Can Bounce Back from Cyber Attacks

Three of the UK’s most recognisable retailers have had the rug pulled from under their digital operations due to major cyber-attacks. The impact was immediate: stores with empty shelves, online services ground to a halt and staff sleeping on office floors just to try and keep things moving.

The attacks, claimed by representatives of the DragonForce ransomware group, weren’t just technical failures - they were trust failures. And when trust is your brand’s most valuable asset, the damage isn’t limited to locked systems and frozen screens. It’s reputational, emotional and financial. 43% of organisations that faced a cyberattack last year lost customers because of it, and 47% reported greater difficulty attracting new ones.

In today’s real-time world, the time it takes to draft a press release is the time it takes for memes, misinformation and speculation to spread. Cyberattacks are a when, not an if. While you can’t always control what happens to you – you can absolutely control how you respond.

So what should you do when the inevitable happens?

Forewarned is forearmed

You wouldn’t wait until your kitchen is ablaze to buy a fire extinguisher, so why are so many businesses still winging their cyber-attack response? Reputational resilience - your ability to maintain and recover trust in the face of crisis - isn’t reactive, it’s rehearsed.

That means having a clear, stress-tested crisis comms playbook - starting with a plan to gather and verify the facts, fast. No matter how uncomfortable, facts are your most valuable ally. From there: pre-approved holding statements, key media contacts, and, crucially, a decision tree for when, how, and who responds. Who’s your spokesperson? When do you go public? What do you say internally? This isn’t the time for a brainstorm. It’s the time for swift, coherent action.

Stress test it. Role play it. If your plan is just 'email legal and hope for the best,' you haven’t got one.

Be transparent

If there's one thing guaranteed to make matters worse, it’s stonewalling the public or spinning half-truths. Transparency doesn’t mean oversharing technical jargon or live-tweeting server logs. It means promptly acknowledging what happened, what you know so far and what you’re doing about it.

Customers don't need perfection, they need honesty. Spin it, and you lose the one thing you can’t restore from backup - trust.

Be human

Data breaches are deeply personal. It’s not just about systems and servers - it’s about names, birth dates, contact info.

Your comms must show empathy.

The classic thinking in comms is that an apology is an admission of guilt. But acknowledging when things fall short isn’t just about accepting blame - it’s demonstrating authenticity, taking responsibility and is the first step in rebuilding stakeholder trust.

A well delivered video statement from a relevant leader can work wonders. Balance regret, reassurance and action - and you can humanise the response and cut through speculation. Just don’t read it off a beige office wall like a hostage tape.

Control the message, or the message controls you

When an attack hits, everyone has something to say - especially employees, who may be contacted by media directly. Have clear internal comms protocols. Staff should know where to direct enquiries, and what not to say on LinkedIn after a couple of pints.

Expect journalists to go digging. They’re job is to communicate the truth to the public as quickly as possible. So if you’re not the first to confirm what’s happened, they’ll find someone who can and will.

Your customers are more likely to be reading headlines than your email updates - so working with journalists, not against them, matters.

The reputation rebuild starts now

Reputation isn’t restored overnight. You’ll need to demonstrate your learnings and the concrete steps you’re taking post-incident - bringing in experts, overhauling systems, proving compliance with recognised frameworks. This should be as public as your apology.

But don’t stop there. Proactive storytelling is your chance to reclaim the narrative.

Change the conversation: Positive headlines are the antidote to a crisis. Use creative storytelling to rebuild credibility, highlight values, and showcase resilience. Shift focus from the crisis to the solutions you’re driving forward.

Identify influencers: The right voices can cut through the noise, instead of just monitoring the news - map out who can shape it. Pinpoint key influencers who can champion your narrative and amplify your recovery message.

Personalised media outreach: Understanding the media's mood is crucial. Use listening tools and personal relationships to traffic light journalists, separating advocates from detractors - then build bespoke relationship strategies for each.

Handled well, a cyberattack doesn’t have to spell doom. In fact, brands that communicate with integrity, compassion, and clarity can emerge stronger.

So get your house in order. Write the playbook. Rehearse the lines. And when it happens - because it will - make sure you’re giving reassurance, not excuses.