Communication and press: media coverage of incidents and cyberattacks

October 14, 2024

When it comes to communicating to steam without essence in substance and form of what is transmitted, to gain, views, engagement, positioning, communication becomes a risk that damages the reputation, uncertainty and encouragement of stakeholders. It is not about running and accelerating, the things that happen in cybersecurity are developing coverage that must be communicated.

In this landscape where cyberattacks can cripple, undermine and transcend globally and in multiple ways, the role of the media in shaping public perception of incidents and cyberattacks has never been more critical. Whether addressing a ransomware attack on a hospital, a data breach at a large enterprise or the hacking of a government system, the form and substance of the media's coverage of these events can influence everything from public confidence to market stability.

Bearing in mind that its purpose is to communicate with objectivity and independence, the media as an instrument and form of content through which the communication process is carried out is in permanent evolution through the years, technological advances have managed to increase its diffusion and immediacy.

These media are a great source of power and social influence that transcends considered as the fourth power alluding to the legislative, executive and judicial powers for their capacity in the public opinion.

The importance of effective media communication in Cyber Security

As more and more organizations face the complex challenge of managing the consequences of a cyber-attack, an overlooked but equally critical aspect is communication: how is the incident reported, what messages are conveyed to the public, and how is media coverage developed across various platforms that can make the difference between a reputational blow and recovery?

It has now been seen that the field is dominated by manipulation of information, stereotypes and stakeholders that condition the dissemination and transmission of the message.

Theory of communication, as a field of the Theory of information, establishes the procedures through which a mind can influence the other.

Communication in its essence, where language, semiotics and communication devices converge, its mission is to exchange information in order to transmit or receive information or different opinions. However, media coverage is when the media develop content produced by journalists, writers or agencies on a given topic or organization, which can influence reputation, perceptions, opinions and decisions.

These media are the main channel for disseminating information about incidents and cyberattacks, and contribute to public awareness and understanding. When any cyber threat or cyber attack is reported, regardless of its category, the media provides essential updates on emerging threats and their impact on organizations, governments and society in general.

This coverage dictates the speed with which information is disseminated, influencing the response time of both affected organizations and other stakeholders.

Media acts as a watchdog, holding organizations accountable for their Cyber Security posture, transparency and response strategies.

The content proposed in the media coverage converges with public relations because these strategic and sustainable communication actions can have the mission of strengthening links with different audiences, listening to them, informing and persuading them in order to achieve consensus, loyalty and support in present and future actions. The dynamic is that here methods, theories and techniques of advertising, marketing, design, psychology, politics, sociology and journalism are applied.

✅ By influencing the formation of public perception in determining the urgency and magnitude of threats, sensationalist media coverage amplifies fear and uncertainty by leading the public to believe that cyberattacks are more imminent and uncontrollable than they might be, even more so when organizations have not provided details and the information that is known first-hand is between the lines.

Impact of communication on public perception of Cyber Security

It is necessary, to have balance and accuracy of information as it can help demystify complex cyber incidents, empowering people and organizations to take the right precautions: it is not about running when giving information, it is about knowing how to communicate.

In the digital ecosystem, public trust can be affected by the tone and accuracy of media coverage, affecting everything from the customer to their strategies and reputation.

The flow of sensationalism and accuracy is very delicate, and many media prioritize the former to capture attention; evidence of this see sensational headlines, designed to attract audience, which sometimes exaggerate and exacerbate the scope or impact of an incident fueled public fear or misunderstanding and is even greater when participation increases which can distort the facts and confuse.

Media must be committed to integrity and ethics focused on accuracy, providing detailed and contrasted information that allows the public to understand the nuances of cyber risks. Balance is essential as excessive sensationalism generates distrust in both the media and those affected and their stakeholders.

✅ Media should be clear that just because an employee works in an entity that has been affected by an incident be it from the cybersecurity department or any other, is not obliged to give statements to the press no matter how minimal they may be.

Let's take a look back and travel to 2017 when the Equifax data breach and the WannaCry ransomware attack, it was very evident how media coverage influences public discourse.

The Equifax case, not only highlighted the magnitude of the breach, but also exposed the company's delayed response and inadequate security measures. The coverage dealt a significant reputational blow and increased scrutiny from regulators.
With WannaCry its worldwide media coverage highlighted its spread to critical infrastructure such as healthcare systems, amplifying concerns about the vulnerabilities of critical services to cyber threats.

✅ Due to the high incidence of coverage and connotation of these attacks they prompted regulatory changes and conditioned public expectations around cybersecurity preparedness. We are in a time when a cyberattack should not surprise us.

A strategic communication, based on research, planning and evaluation with key to corporate identity management.

The role of the media in the management of cyberattacks

The media has an ethical responsibility to ensure accuracy, avoid unnecessary panic and respect the privacy of affected parties. This field of cybersecurity because of its technical and complex nature, journalists and other media actors must verify facts and avoid attributing culprits prematurely or identifying threat actors without concrete evidence.

Obviously, it is essential to communicate about the scope of an attack, but the media should refrain from sensationalizing details and making value judgments that could damage reputations or fuel chaos, uncertainty and alarmism.

They should also respect due process and confidentiality of sensitive information that, if released prematurely, could exacerbate the impact of the attack or hinder investigative efforts and processes.

Communicate with the media in a clear, transparent and timely manner

In times of cybercrisis, clear, transparent and timely communication with the media is critical to manage perception and mitigate damage. It is increasingly imperative that areas or teams dedicated to crisis communication and management as their work and collaborative ties with the cybersecurity area ensure the accuracy of the messages. This includes:,

Regular updates, acknowledging the scope of the attack, outlining the measures being taken to mitigate the damage demonstrates accountability and builds trust.
Be very careful with overly technical language and maintaining transparency about what happened, without speculating about unresolved or ongoing issues, can help reduce misinformation and panic.
Work to foster accurate reporting by maintaining proactive relationships with the media and Cyber Security and crisis journalists.
Offering rigorous and expert opinion, briefings and maintaining lines of communication with technology and Cyber Security media.

These accomplishments, established before a crisis occurs, help organizations ensure that media coverage during incidents is based on facts and context rather than communications.

✅ Spokespersons should be trained with the media as they can ensure effective and professional communication when interacting with the press during an incident.

The media must take into account that there are moments of investigation and also regulatory frameworks, it is not possible to give all the detail they are looking for to bring the information to the public.

The impact of cyber-attacks on communications

During a cyber-attack, the corporate communication strategy must be focused on timeliness, consistency and transparency; organizations must acknowledge the incident, its nature, impact, taking into account not to reveal too sensitive details that may hinder the investigation processes.

There is also a parallel task of regular updates, ensuring that the media and stakeholders are aware of the efforts being made.

The communication armor must emphasize commitment to resolution and prevention, so a clear, consistent, tested and pre-established incident response plan that includes protocols for action and interaction with the media ensures control of information and avoids spirals of misinformation that can be articulated.

✅ When approaching the press, it is necessary to take into account active and attentive listening when giving statements without compromising the investigation according to the types of questions, especially when looking between the lines of objectivity and subjectivity of the search for information.

We must understand that sensationalism, tabloidism, morbidity, in addition to other factors condition media coverage of cyberattacks due to the intrinsically dramatic nature of cyberattacks.

Cyberattacks are easy to sensationalize because they play on the public's best interests or the loss of data, financial, legal, reputational damage and technological vulnerability. What's more, the complexity of cyberattacks can lead to oversimplified reporting, which eliminates nuance in favor of alarmist headlines.

In the digital ecosystem the race for clicks and attention in the modern media landscape severely exacerbates this trend, as media outlets strive to capture and pique audience interest with exaggerated narratives.

Mismanaged communication with the media during a cyber-attack can have high consequences on a cross-border or global scale. Considering that major misinformation, either due to lack of transparency or inaccurate reporting, can spread and transcend quickly, generating panic in international markets and damaging global confidence in the organizations affected, resulting in economic losses as has been the case for organizations that depend on consumer confidence and their stability in financial and stock markets.

✅ Imagine if an incident affects a multinational or critical infrastructure: inadequate communication can make it difficult to coordinate responses between different countries and regulators, exacerbating the impact on cross-border supply chains and services.

Conclusion

From my experience I see that as cyber threats evolve, it is likely that future trends in media coverage will consider a more nuanced understanding of these issues, with an emphasis on analysis and context by qualified experts, as the growing complexity of the cyber attack surface requires specialized journalism that can decipher what has happened without oversimplifying.

On the other hand, the rise of cyberwarfare and nation-state sponsored cyberattacks are receiving more attention, driving discourse and narratives in the media. There is the potential for coverage to shift towards greater accountability, analyzing not only the immediate impact of an incident, but also the long-term responsiveness of organizations and governments.

The stream of disinformation driven by emerging and disruptive technologies such as artificial intelligence and the manipulation of media narratives will bring new challenges, making media literacy and fact-checking critical for both journalists and the public.