Lessons for Crisis PR from Breach of CyberSecurity Firm FireEye

media relations technology

The news this week of FireEye’s security breach was the talk of Twitter, especially among national and information security experts. FireEye is one of the largest cybersecurity companies in the U.S. Its client roster includes some of the nation's most prominent companies and government agencies. But unlike the hot takes and shaming normally found on social media after a breach, overriding sentiment in FireEye's case was drastically different. Experts commended the company’s empathetic and transparent response. Moreover, this positive development was not surprising.

Thanks to a well-executed communication strategy, this crisis actually could make the FireEye brand stronger. Many security leaders have come out in support of FireEye's response to the breach, stating that this should be the gold standard for disclosure.

Kevin Mandia and the team at FireEye had one option when faced with this crisis: to come clean as quickly as possible, be transparent about the damage, and outline a response. This effort began with a clear, concise, and honest blog post detailing the breach and actions FireEye took in response.


Other posts and communications indicate a similar dedication to transparency with customers and the press. By getting ahead of media coverage or unintentional disclosure, FireEye owned the narrative and protected itself from long-lasting reputation fallout and financial impact.

So, why do most breach disclosures end in a communication dumpster fire? As a long-time leader in cybersecurity, FireEye had the tools, expertise and technical understanding to navigate this incident with transparency, grace and some comfort. These are luxuries most organizations are not afforded during an uncomfortable situation.

Many organizations lack strong relationships with the cybersecurity press corps, a highly intelligent group who often are not the same people who cover your company. In addition, companies don’t know the ins and outs of disclosure or how to speak about what happened. But it doesn’t have to be that way.

Communicators operate in a constant state of evolution. The way we approach our craft changes with the advent of a new technology or social media platform. But it is also our job to foresee potentially harmful narratives, events, or issues that could hurt the brands we represent. Cybersecurity is one of those issues. Breach threats aren’t going away anytime soon.

As 2021 planning kicks into high gear, it is time communication teams get smart on cybersecurity and advocate for their organization to stay ahead of any crisis with a strong, practiced strategy.

Here are recommendations for how your team can start preparing for security incidents. Some build off standard crisis response. Others pertain mostly to cybercrime and data breaches:

Know Your Security Stakeholders

Interact with the security team within your organization and build a relationship with its members. They will be able to educate you and your team about the organization's threat landscape and security posture. Should the worst happen, they will be integral to your response.

Build a Plan & Get Buy In 

Build a crisis-response plan that identifies your organization's strategy for disclosure. Know what vehicle you will use to disseminate news of a data breach or cybercrime. Know which reporters you should reach and talk to and know how you will communicate with customers.

Once you’ve built a plan, you should get buy-in from key functional leadership, such as legal, finance and HR. In addition, timing matters in a successful response. Having pre-screened messaging will ensure that time is not wasted on a lengthy approval process.

Identify Industry Partners

FireEye was able to conjure support from leading security voices. This not only helped build the credibility of its response, but it changed the perception of the incident. Know whom you can turn to in times of crisis to help validate your organization.

Test Your Plan

Building a plan and knowing if it is effective are two different things. Once you’ve identified a response plan that works, it is time to test it. Coordinate with your security team and run a mock incident. This will give your team the opportunity to make adjustments.

There is a lot that communication professionals and business leaders can learn from FireEye’s response. The most important being it is okay to admit that you were breached.

Kaylin Trychon is VP at ROKK Solutions and leads its cyber communication practice