Cyber incident preparation
and response
Trusted. Proven. Ready when it
matters most.
Porter Novelli Australia is a leading communications agency in cyber incident response and preparation.
We are the preferred partner for specialist legal practices, forensic IT specialists, and insurers, having managed the communications response to more than 100 since the introduction of the Notifiable Breach Scheme in 2018.
Our dedicated Cyber Incident Practice protects reputations in the moments that matter and helps businesses build the right foundations before a crisis strikes.
With experience across more than 100 data breaches, including complex, high-profile matters, we’ve supported organisations in healthcare, tourism, education, government, financial services, insurance, law, e-commerce, and more.
Cyber incident preparation
A clear communication plan empowers an organisation to respond proactively, ensuring timely, accurate information reaches the right people and supports a coordinated effort across key players – leadership, IT and forensic experts, legal partners and insurers.
Our approach to cyber incident preparation is built on three elements:
- Auditing current crisis management, business continuity, and cyber incident response plans.
- Providing recommendations for improvements or developing new plans where necessary, including pre-prepared content that can be quickly updated in a crisis.
- Conducting an annual simulation exercise with the crisis management response team to test plans and ensure “muscle memory” when an incident occurs.
This is typically complemented by media training for key executives, as they may be required to address the media during high-profile incidents.
Cyber incident response
Our approach to perceived or actual notifiable data breaches is a proven and trusted approach that supports businesses as they prepare for and navigate every stage of a data breach, even after the incident has been managed.
Our approach to cyber incident response is built on three elements:
Preparation and strategy
- Preparation: Immediate briefing, rapid desktop research, holding statement.
- Rapid response: Communications strategy, key messaging and full communications pack for all stakeholders, media monitoring, media training.
Support at notification, including Digital Response Centre where required
- Media strategy: Refining media plan, community management of social channels, ongoing media monitoring.
- Stakeholder communications: Managing communications with staff, customers, regulatory bodies, law enforcement, governments and other stakeholders such as members, donors or patients.
- Managing Inquiries: Managing the inquiry inbox or even phones, rolling communications updates to key internal stakeholders.
Reputation recovery
- Address Damage: Providing advice restoring reputation, creating content for future potential scenarios, ongoing media monitoring.
- Go Above and Beyond: Communication and compensation strategies that address the toll on consumers in the wake of a data breach.
Case studies.
Financial services provider
A national financial services provider was the subject of a malici1ous attack which resulted in sensitive data regarding its employees and customers being downloaded and stolen. Compounding the problem was legal trigger clauses that demanded immediate notification to B2B partners, even of loss of mundane data. We crafted the right messages to notify quickly. The transparency and sensitivity with which the incident was handled resulted in minimal client concern and only a short burst of employee and customer outcry.
Data breach simulation
We have led several data breach simulations to see how organisations prepare against an escalating scenario. Each scenario is based on real-life experiences which test the organisation’s operational and communications capability during a data breach – while adhering to their values and purpose. We provided real-time feedback and a debrief session to advise each organisation to implement critical changes to communications assets, and ensure they are ready to protect their reputation during a real incident.
Health insurance provider
A large health insurance provider lost data that referred to more than 100 kinds of health insurance claims and some customers lost financial records. We created a suite of specific communications content, from hundreds of letters to affected individuals to talking points for phone conversations with those who had lost extremely sensitive material. Despite the high-profile nature of the organisation and the salacious nature of the breach, our methodical and transparent approach resulted in zero media coverage of the incident, and almost no customer backlash.
National children’s charity
One of Australia’s most reputable charities was the target of a cyber attack, less than one month before the most important donation drive for the year. We worked alongside cyber response partners to prepare a formal notification to impacted individuals, and develop a comprehensive media strategy endorsed by the board and leadership. Knowing the incident would receive media coverage, the cornerstone of our strategy was proactively informing a trusted group of journalists who understood cyber incidents, to ensure factual accuracy in the way the incident was reported. The charity experienced no downturn in funds raised.