Red warning light, alarm light

Crisis Communication During a Ransomware Attack: Managing Information in an Emergency

Janka Kreißl

Janka Kreißl ist Partnerin bei Dunkelblau in Leipzig.
Oct 01 , 2025

One click, one encrypted system – and suddenly your company comes to a standstill. The emergency is real. Ransomware attacks no longer target only international corporations. Mid-sized companies and smaller organizations are increasingly in the crosshairs. The result: from one moment to the next, little or nothing works.

CONTENT

When Everything Comes to a Halt

Production shuts down. Supply chains are disrupted. Invoices can’t be issued. Salaries can’t be paid. Even the phones go silent during a major cybersecurity incident. This loss of control is a shock for any company – and forces top management to make critical decisions in a very short time.

In such a situation, one thing becomes vital: clear, structured communication – internally and externally. In short: emergency communication.

Why Smart Communication Is Critical During a Cyberattack

“A crisis exists when others perceive it as one.” This statement gets to the heart of the matter: whether employees, customers, suppliers, or the public – all stakeholders expect clarity and leadership in the event of a security breach. If these expectations are not met, the consequences can be serious: employees may consider resigning, stakeholders may lose confidence, and customers may walk away.

Very quickly, accusations arise: “This company doesn’t have the situation under control.” Whether that’s true or not doesn’t matter initially – what counts is perception: “They don’t have a communication plan.”

This is exactly where crisis communication comes in. It reduces uncertainty, provides direction, and demonstrates leadership. Companies that avoid contradictory messaging and communicate consistently can maintain trust – even in a crisis.

Crisis communication in an emergency - principles and measures

Balancing Transparency and Discretion

Ransomware attacks require tact. Excessive technical detail or comments about potential ransom payments can cause confusion or even provoke attackers. On the other hand, complete silence appears evasive. Transparency doesn’t mean telling everything – it means credibly showing that the situation is under control and appropriate action is being taken.

Prioritize Stakeholders

  1. Employees: They must be the first to be informed. Clear messaging prevents rumors and reassures them about working hours, responsibilities, and salary payments.
  2. Customers, partners, suppliers: Provide realistic assessments of how long disruptions may last and what impacts to expect.
  3. Public and media: Information gaps lead to speculation. Proactive communication allows you to control the narrative.
Mountaineers celebrate their ascent to the summit at sunset by clapping their hands.
Practical tip

Use ISO/IEC 27001 as a Guide for Security Communication

Foster awareness and preparedness within your organization. Minimize uncertainty. Use ISO 27001 to define reporting lines, responsibilities, and communication processes – especially for security-related issues such as incidents and breaches.

Learn more about ISO 27001 cer­ti­fic­a­tion

Structure and timing

In a crisis, a structured timeline is invaluable. Even if you can’t make firm predictions initially, a rough schedule fosters transparency. It’s better to communicate frequent, smaller updates than to overpromise and disappoint. An honest, “We’re still investigating and will update you shortly,” is more credible than premature statements.

Plan fixed updates for internal teams, scheduled press briefings, and coordinated communication channels to ensure control over the flow of information.

Tools and templates

Equip your team with helpful resources: prepared FAQs, sample statements, speaking notes, and email templates. These tools save valuable time and ensure consistent messaging – both internally and externally.

Preparation instead of improvisation

The most important takeaway: crisis communication should begin well before an actual ransomware attack. Establishing communication structures and processes in advance saves precious time when it matters most.

  • Set up crisis teams: Cross-functional teams with clear decision-making authority
  • Define responsibilities: Who communicates internally? Externally? Who approves final messages?
  • Prioritize systems: Know which systems and processes are critical
  • Practice scenarios: Run realistic exercises
  • Establish infrastructure: Emergency hotlines, secure document storage, designated contact persons

Companies that regularly rehearse crisis scenarios won’t panic – they’ll respond with a plan.

Crisis communication is key

A ransomware attack is a high-stakes emergency – and can quickly become a question of survival. In such moments, strong crisis communication isn’t optional; it’s essential. It provides orientation, helps maintain trust, and preserves your organization’s ability to act.

The good news: crisis communication can be prepared in advance. With the right structures, templates, and roles in place, you’ll gain the most valuable assets in a crisis: time, clarity, and reliability.

Our practical tip: The well-known standard for information security management ISO 27001 explicitly requires organizations to define what, when, how and with whom to communicate - both internally and externally (section 7.4). Particular attention is paid to security-related topics: Security incidents, their reporting, handling and follow-up are subject to clearly documented requirements (Annex A 5.24 - 5.26).
In this way, ISO 27001 not only helps with risk management, but also ensures that everyone knows what to do at critical moments.

Conclusion: Crisis Communication in an Emergency

Why Preparation Matters

Ransomware attacks can’t always be prevented. But how your organization communicates during one determines whether the incident becomes a disaster or a manageable situation.

Organizations that prepare their crisis communication strategies in advance are better positioned to protect trust, remain operational, and recover stronger.

ISO/IEC 27001 offers a structured framework for crisis communication – with defined responsibilities, communication paths, and escalation procedures. This creates the clarity and resilience needed to respond effectively in emergencies.

questions-answers-dqs-question mark on wooden dice on table

Got Questions?

We are Here to Help.

Curious how much effort ISO/IEC 27001 certification requires? We’ll gladly inform you.

Get in touch with us. No obligation and free of charge.

We look forward to hearing from you

What You Can Expect from DQS

DQS is your expert partner for audits and certifications – for management systems and business processes. With more than 40 years of experience and a global network of 2,500 auditors, we offer reliable certification services across all areas of information security.

Our commitment: Expertise.
DQS auditors bring many years of practical experience from organizations of all sizes and industries. This ensures your auditor understands your specific situation and corporate culture.

Let’s connect – we are here for you.

Trust and expertise

All our content is developed by our standards experts or long-standing auditors. If you have questions about this blog post or our services, don’t hesitate to email us at [email protected]

Note: For readability, we use the generic masculine form. However, all gender identities are equally included where applicable.

Disclaimer: This article provides general guidance only. Implementation of any security or incident-response measures should be tailored to your organization’s legal, regulatory and operational environment.

Author

Janka Kreißl

You Might Also Enjoy These Reads

Discover more articles that dive deep into related themes and ideas.
Blog

AWS and Azure Are ISO 27001 Certified — But That Doesn't Mean Your Company Is

Read more
Blog

NIS-2 for Managing Directors: Duties, Liability, and Implementation

Read more
Blog

Why ISO 42001 is the Essential Strategic Upgrade to Your ISO 27001 Certification

Read more