The latest cyberattack "WannaCry," known as a "ransomware" attack, has hit Europe and Asia in May 2017, and now the US is scrambling to protect its digital assets.  These periodic attacks pop up over the years, and follow a similar model.   Hackers get their files on your computer through a variety of methods, encrypt the data, and then demand a ransom in order to remove the encryption.

These hacks transform into a wave of problems spreading across the globe that have far5-Organizational-Change-Responses-to-Cyber-Security-Threats-featured.jpg reaching implications. Hackers have targeted health care organizations, which has been detrimental to patient care. In some instances, leaks included personnel information such as home address. There are many benefits to preventing this type of attack on a company’s data, as the implications go far beyond a company’s bottom line. It is in an organization’s best interest to protect its intellectual property, financial assets, and employee and customer privacy.

An organization needs to approach these attacks as a unified front to defend itself. Following are five organizational change management principles that can be applied when a threat to your industry or technology arises so you can support your IT department as they shore-up your resources.


Ideally, your communications team partners with the information technology team to understand the potential threat. Work with the IT team to break down the various aspects of the technical details. While your IT team does the heavy lifting to prevent an attack, your communication team will begin to develop a stakeholder assessment, identifying who the audiences are for the various messages. Your organization may already have a plan in place, but it will be tailored to the specifics dictated by a particular threat.  Evaluate your current standards, procedures, policies, etc.

Typically, there are at least two ways to approach your communications:  through internal5-Organizational-Change-Responses-to-Cyber-Security-Threats-training.jpg and/or external audiences. From there, you can determine how much detail would be appropriate to share with both. Consulting with your legal and regulatory teams would be beneficial, as they may provide additional guidance.

Identify any training or process changes that need to be made. You may need to pull in different team members to assist with research for those activities. Collaboration across workstreams can help ensure that key details do not get overlooked.


In this phase, the workstreams begin to strategize and expand their approach. For employees, you may want to break out the communication in tracks: one for management and one for the employees at large. You may want to refine them even further, potentially writing messages for the IT organization employees that include the technical specifications and a more general message for everyone else. 

There are always opportunities to improve awareness, procedures, and tools as a result of every "event."  If training or process changes are needed, begin to develop the path. Would a web-based training or lunch and learn session be sufficient? Identify SOPs that need to be updated.

The sales team can provide valuable information about the customers and how this threat may affect their businesses. They may also  provide additional insight on how best to communicate with the clients they represent.   5-Organizational-Change-Responses-to-Cyber-Security-Threats-security.jpg


While the workstreams are busy creating content, the communications team crafts the main points for their various stakeholders. The process teams hold workshops to refine the process under discussion. Then the training team creates the materials to help reinforce the communications and process changes.

Your customers will appreciate you being proactive. If you do not expect the threat event to directly impact your customers, this can be a high level message that simply reassures them that you have a plan in place.


Cascading the messages is critical in situations like this. You want your employees to be fully briefed before you reach out to the external audiences. This also allows for a last minute adjustment, if something comes to your attention that may have been previously neglected. 

Align with the sales team on how best to share the customer message. A combination of high and low touch approaches are effective, but follow the sales team’s lead. The cascading approach works for that audience as well.  


After the initial threat has been addressed or eliminated, follow up with a series of closing messages. These messages can allude to the challenge you faced, and then discuss its resolution. For your internal teams, you can thank them for their quick response. You can also remind them to keep up with the new process changes, and complete the training if they haven’t already done so. Sharing a brief job aid is a helpful way to bolster the training effort.

Provide a similar status message to your customers. Focus on the positive outcomes, and a path forward. Share with them that your layered security controls mitigated the issue. It’s likely that you may receive some feedback from customers, so now would be a good time to acknowledge it. 

As cyber threats become more frequent, prepare your organization in advance, so they can respond quickly, effectively and resolutely. With some investment of time and resources, your organization can equip itself to handle cyber security challenges and your  employees can return to focusing on driving value for your business and your customers.

CommentBox_2.jpgWhat are some of the organizational change management principles you have deployed to respond to cyber threats?  Let us know in the comments section below!

5 Common Mistakes When Managing Change Webcast