A Plan for Teaming with IT to Build a Communicator-Led Cyber Regime

Communicators are accustomed to being at the forefront of organizational change and reputation risk situations. Call it their comfort zone.

Communicators help organizations understand how media is evolving, have a strong grasp of the workings of human behavior and know whom to partner with to make a difference.

For these reasons, the public and private sectors are embracing communicator-led cybersecurity models that harmonize the C-Suite without burdening IT professionals.

At present we are in a ‘lukewarm war’ era. Cold war or hot war do not define the need to protect citizens, communities, corporations and countries. Today’s enemy is a combination of three main types of cyberattacks: ransomware, nation-state-sponsored attacks and disinformation campaigns.

A threat to expose the information of customers, ransomware is top of mind due to a steady increase in attacks and an uptick in the amount of ransom requested, and often received. Attacks strike at inconvenient times. Perpetrators prioritize targets based on forecasted M&As.

Viewing the threat of ransomware through numbers illustrates its gravity. It takes an average of 280 days to identify and contain a breach and costs $1.85 million to remediate, double the 2020 figure. More than half (52 percent) of all breaches are deemed malicious.

More than half of organizations compromised in the past three years deployed some form of automated security system. This suggests that technology alone is not enough. The IT team must purposefully build, review and test a cybersecurity plan.

So, how can communicators contribute?

They can partner with experts to clearly explain this complex topic to the C-suite and employees.

Indeed, this column is one such collaboration.


Where to Begin

The issue of inadequate or improperly configured automated security software is a great place to begin a meaningful conversation about cybersecurity.

Ask what threats the company aims to thwart and how equilibrium can be reached so work can be done with all onboard. Share government guidance on cyber-defense strategies and convey the benefits of data-protection initiatives.

Synchronize with IT

An effective cybersecurity model involves communicators synchronizing needed steps and actions. Outlined below are five steps communicators can take to support IT efforts to bolster organizational resilience against today’s cybersecurity threats.


  1. Identify
  • IT – Determine critical processes, systems and their vulnerabilities. Identify suspicious activity.
  • Communications – Deploy an intelligence-listening platform to understand threats aimed at the company and sector. These range from monitoring the dark web to social media sites worldwide.

2. Protect

  • IT – Determine relevant defenses, back-up critical data and implement processes to guard against future attacks.
  • Communications – Hold a team readiness workshop. Discuss scenarios and engage in company-wide exercises that promote proactive cybersecurity measures and threat assessment rehearsals that directly address a plausible vulnerability.

3. Detect

  • IT – Monitor activity for real-time attack. Stress test currently deployed automated security technology.
  • Communications – Partner with IT to understand how the threat mix is changing. Update intelligence-listening platforms accordingly.

4. Respond

  • IT – In the event of an attack, be prepared to switch to another means of operation and implement incident response.
  • Communications – Monitor the situation and provide clear and accurate updates to all relevant parties.

5. Recover

  • IT – Perform a root-cause analysis of previous attacks.
  • Communications – Know the history of attacks against the organization and its competitors or partners. Learn about cyber criminals’ modus operandi to resolve any vulnerabilities and prevent another issue.


ROI and Cybersecurity

Demonstrate the ROI of prioritizing cybersecurity

The value of strong cybersecurity may not be clear to companies that have yet to face the devastation of a crippling cyber event. The ROI is difficult to measure. Who can prove an attack would have happened, but didn’t?

Still, it sure looks worthwhile in the face of what is possible. When presented with doubts, communicators can remind CFOs that the average total cost of a breach is $8.6 million.

The opportunity is clear—embrace IT colleagues and collectively orchestrate a formidable force resolute in safeguarding organizational assets, employees and customers.


Michael Harley, managing director, cybersecurity, Next Solutions Group

Cortney Stapleton, managing partner, The Bliss Group