Estimated reading time: 5 minutes
Words matter! Every single one. “The difference between the almost right word and the right word is really a large matter. ’tis the difference between the lightning bug and the lightning,” is how Mark Twain put it. He may not have been talking about incident response following a cyberattack, but his admonition still applies. A cyberattack can feel like a blackout as systems fail, rumors spread, and customers demand answers. In the latest Cyber Insurance News and Information Podcast, host Martin Hinton interviews Kelly Miller of FTI Consulting. Together, they examine the aftermath of a breach and explain why communications must be central to incident response. This episode speaks to both experts and general audiences, showing how language can bring stability to chaotic situations.
Kelly Miller serves as a Managing Director and leader in FTI Consulting’s Cybersecurity & Data Privacy Communications practice. Her team is the largest cyber-specialized communications group advising companies and law firms. She supports organizations facing cybersecurity breaches, data privacy incidents, investigations, lawsuits, and intense scrutiny. Her experience includes high-profile and sensitive incidents, as well as preparedness programs and tabletop exercises. She also brings a strong policy background from Washington, D.C., developed through work across telecom, technology, and public affairs.
When a Cyberattack Hits, Words Move Faster Than Malware
Technical teams restore systems. Stakeholders watch every sentence you release. From social media to customer opinions, every company is a media company now. Public statements can affect legal exposure and claims. One unclear message can cause panic. One confident guess can become tomorrow’s headline.
Words carry weight, even in technical crises. A breach forces you to translate complex facts into plain language. People want to know what happened, what you know, and what you’re doing next. When you speak clearly, you protect trust.
The First 24 Hours: Don’t Over-Promise, Don’t Freeze
Early in incident response, teams rarely know everything. People still expect clarity. The show warns against over-promising on the first day. If you promise timelines before facts settle, reality will change. When the story changes, trust drops.
The discussion stresses process and discipline. Build approval paths before an incident. Define who drafts updates and who signs off. Decide what triggers legal review. Prepare holding statements for likely breach scenarios. These steps help you act fast without guessing.
Stakeholders Need Different Messages, Not Different Truths
Kelly and Martin stress mapping stakeholders. Customers need updates and information about next steps. Employees need direction and guardrails. Partners need continuity plans. Regulators need accuracy and timing. Insurers need documentation and partnership during a cyberattack investigation.
You can tailor each message to each audience. You must still keep one shared truth. Aligned communications prevents contradictions. Contradictions create screenshots that live forever.
Legal, Regulatory, and Cyber Insurance Pressures Collide
A breach creates overlapping rules. Notification laws may require speed. Contracts may require specific words. Industry rules may need proof of controls. Cyber insurance adds more complexity.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Policies frequently require prompt notice and cooperation. They may need approved vendors or set workflows. This reality shapes communications. Kelly conveys the pressure; words matter, even legally. One adjective can imply fault. One promise can create reliance. One timeline can cause a dispute.
Legal counsel must oversee messaging, but cannot manage it alone. A coordinated incident response team should balance speed, accuracy, and risk in communications.
Internal Communications Can Calm People or Ignite Speculation
Employees will talk during a cyberattack. They message colleagues and share theories. If leadership stays silent, gaps fill with guesses. If leaders share unverified details, confusion spreads faster.
The episode emphasizes disciplined messaging. Provide employees with verified facts and clear roles. Direct questions to the correct channels. Arm employees with approved language for customer conversations. Address speculation rapidly to maintain control.
Practice Makes Incident Response Cheaper and Cleaner
Preparedness reduces cost and stress. Tabletop exercises reveal weak links and slow approvals. They test whether leaders can explain events in plain language. Kelly explores how preparedness saves money in the long term. That includes legal fees, forensic expenses, and brand recovery costs.
Teams that practice also recover faster. They write better updates under pressure. They learn how to stay transparent without guessing. They build credibility before the next cyberattack arrives.
Why Listen to This Episode
If you manage cyber risk, listen to this episode for practical steps you can apply. If you buy cyber insurance, learn about hidden constraints that could change your business. If you’re non-technical, discover how technical issues become clear and actionable. Most importantly, see why communications is not a soft skill but a core control during incident response.
Watch The Whole Episode
Podcast also available here
Transcript – This has been checked for accuracy, but confirm any elements against the video yourself to be sure.
Related Cyber Liability Insurance Posts
- CFC Appoints Justin Camara as CEO of CFC USA to Drive U.S. Growth
- CyberCatch Launches No-Application Cyber Insurance for CMMC Compliance
- SecurityScorecard Achieves StateRAMP Ready Status and Reaffirms FedRAMP Compliance
- Converge Cyber Insurance Expands – New Underwriting Capacity from Obsidian
- The Beckage Firm Announces the Promotion of Lee Merreot to Partner in Data Privacy Law
