2025

Hytönen, Eveliina; Ruoslahti, Harri

Cyber-attacks have become a prominent issue in the digital society. Attacks can result in losses for individuals and organisations. Cyber-attacks such as data breaches can create a very real threat to all stakeholders with a strong perception of vulnerability because potential loss of sensitive data. Such crises place unique demands for crisis management and communication. Communication is crucial for promoting awareness and sharing information and instructions to stakeholders. Consequently, effective communication can help build dynamic organisational cyber resilience. The research question of this paper is: How can crisis communication help manage cyber incidents? To respond to the research question, this paper draws on earlier research on cyber security-related communication. In addition, two semi-structured group interviews were conducted to collect views from expert participants in the field of cyber security management and communication. The data were analysed thematically. The findings from the interviews support earlier research on cyber security communication. To help manage cyber incidents, cyber crisis communication should be timely and open, express empathy to stakeholders, show accountability and commitment to securing the data and to resolving the incident. Clear instructions and information about protective actions are also required from effective communication. By synthesising findings from earlier research literature and the interview data, this paper proposes preliminary communication guidelines that can assist in identifying effective strategies and requirements for cyber security communication within organisations. The guidelines can help prepare for and respond to cyber crises and consequently support organisational cyber resilience.