How to use comms to ensure a cyber attack won’t spell the end for your business

How to use comms to ensure a cyber attack won’t spell the end for your business

By Ted Fraser, Head of Data & Insights

Could your business continue to function if - suddenly - all the computer screens went blank?

This isn’t scaremongering, it’s the very real question that the National Cyber Security Centre (NCSC) is asking UK businesses of all sizes in the wake of a sharp rise in hacks and attacks.

With a significant attack happening to a UK business every other day, normally a ransomware demand for money, high profile cases such as Marks & Spencer, Co-op and Jaguar Land Rover have made headlines as those businesses fought to regain control of their systems.

But in a business environment - and society - with more hackable targets than ever, the issue of cyber resilience is being placed top of the agenda in boardrooms of all sizes.

From the simplistic ‘can we go back to doing everything with pen and paper?’ to thoroughly examining just how easy a target your business might be, the time to act and put a firm plan in place is now.

Why Cyber Resilience starts with Communication

The NCSC dealt with 204 ‘nationally significant’ cyber attacks against the UK in the 12 months to August 2025 – a big rise from 89 in the previous year.  

That’s why they’re putting a toolkit in place for businesses to be prepared for all eventualities and ensure business continuity. High on that list is having a communications plan.

The NCSC recommends that all plans are stored in paper form or offline and include information about how teams will talk to each other without work email, chats or smartphones.

At Democracy, we have been navigating clients through crisis scenarios for decades and cyber attack is the latest and poses a significant threat.

Planning means knowing who you need in the room should the worst happen and what the decision making chain looks like. Having a clear vision of the outcome everyone is working towards is a simple way of keeping everyone focused.

For communications, the areas to consider are how to ensure regular and consistent updates with four key groups of stakeholders - internal audience/staff, investors/corporate, customers and media.

The drafting of statements and prepping of spokespeople in advance of a situation arising is best practice for a cyber attack or more conventional crisis situation.

Tools such as social listening can keep you abreast of everything that’s being said about your business and where the chat is coming from. This means you know when and where to react in response to developments.


All of this planning ensures you are on the front foot as you face into the crisis and have calm heads that will make better decisions for your business.

From Crisis to Control: Building a Resilient Response Plan

This strategy is known as ‘resilience engineering’, taking a step back from the day to day work of your business to build systems that can anticipate, absorb, recover and adapt, in the event of an attack.

While you might think China and Russia would have no interest in your business, it is the widespread destabilising that is of more importance to these ‘bad actors’ so preparing to not be an easy target is one essential, while at the same time preparing for your response in the event it does happen to you, with your communications planning at the heart of the response.

If you need help drawing up this plan, Democracy’s senior team of experienced communications professionals are exactly who you need in your corner. Get in touch with CEO Jen O’Grady, jennifer@democracypr.com now to find out how we can help you.