Ciso Best Practices Developing Communication Plan Breach
14, 2017

Developing a Communication Plan for a Breach

When a breach occurs, CISOs need to have a clear communication plan in place that describes to stakeholders and managers what occurred and what steps are being taken to solve the crisis. This requires the CISO to develop both internal and external communication plans. Both documents are meant to guide the board, stakeholders, and managers on the steps they should take going forward to ensure business operations proceed without further exposing the organization to additional cyber attacks.

Michal Zanga, former CAO of the Royal Bank of Scotland (RBS), understands the need for communication planning all too well. “Our business continuity plan (BCP) never really considered how to deal with hacking,” says Zanga. “We had to learn about the need for an escalation based communication plan during a breach.”

Join Consortium to learn the best practices for developing a communications plan. Inside, you’ll learn more from Zanga’s experience in developing a communication plan, including:

Scenario Planning

Scenario planning asks the CISO to answer the question, “plan for what?” Without developing a range of likely scenarios, the communication plan can’t be developed.

Scenario Testing

Zanga explains the need and value-add of bringing in a third-party to conduct a risk assessment. Outside vendors can adequately stress the IT security environment, setting off triggers that put the communication plan into action. After the testing is done, the CISO can evaluate how well the communication plan performed.


Daily system reports are an important supplement to communication plan building. Everything from port scanning to breach attempts need to be reported for CISOs keep the communication plan up to date. A communication plan lets organizations respond to breaches as a single, unified entity.

Get access to the full article by becoming a member of Consortium today.