Crisis Communications Under Fire: High-Stakes Cybersecurity & Reputation Risk

Written By Jared Gibbons

When a crisis unfolds, every second counts. Managing high-profile cybersecurity incidents requires clear messaging, strategic coordination, and rapid crisis response to protect brand reputation.

One of the most complex cybersecurity crisis communications challenges in recent history—the Symantec-Anonymous hack—put those skills to the test. With ransom demands, leaked source code, and an FBI informant embedded within the hacker group, the crisis played out publicly over months, creating significant reputational risk for Symantec.

The Challenge

Symantec faced an evolving, high-stakes cybersecurity crisis that proved to be both a sprint and a marathon—demanding rapid response communications while dragging on for months. Just as things seemed under control, new developments surfaced—whether it was fresh analysis from our security teams, new hacker activity, or unexpected media coverage—plunging us back into peak crisis mode. Each cycle required swift recalibration, clear messaging, and strategic decision-making to keep stakeholders informed and maintain trust.

  • Hackers leaked source code for an older version of Norton Antivirus, raising concerns about product security, intellectual property theft, and consumer trust.

  • The crisis spanned six months, requiring ongoing stakeholder engagement, cybersecurity communications expertise, and media management.

  • Symantec needed to reassure customers, respond to media scrutiny, and maintain trust—all while navigating the uncertainty of an active cybersecurity investigation.

The Approach

At times, we were on daily calls with key stakeholders, updating each other and coordinating the next move. When the situation escalated suddenly, automated SIREN calls would prompt us to join a live, high-priority crisis response meeting.

Meanwhile, my colleague would step out of meetings to take calls from Reuters and AP, reactively providing our latest crisis communications statement. These moments underscored the need for constant readiness, seamless internal coordination, and the ability to pivot in real time.

As part of Symantec’s crisis communications leadership team, I helped shape and execute a strategic response rooted in both corporate ethics and technical expertise—one that prioritized transparency, met our obligations to customers, shareholders, and media, and reinforced trust in the company’s security leadership.

  • Transparent Messaging: Ensured clear, factual crisis communication that the compromised code was outdated and posed no security risk—while continuously refining messaging as new technical details emerged.

  • Executive & Legal Coordination: Aligned communications with legal, technical, and executive teams to maintain consistency and credibility.

  • Proactive Media Management: Engaged with press and cybersecurity industry stakeholders, ensuring a steady, controlled crisis communications strategy to prevent misinformation and speculation.

  • Stakeholder Trust & Reputation Management: Positioned Symantec as a cybersecurity leader by emphasizing transparency, resilience, and security expertise.

Lessons in Crisis Communications

Despite the severity of the cybersecurity breach, Symantec successfully mitigated reputational damage. By prioritizing transparent communication and strategic coordination, the company retained customer trust and credibility in the cybersecurity industry.

This case underscores key crisis communication management principles and best practices for crisis communication strategy:

  • Manage the Narrative: Proactive, fact-based crisis communication prevents misinformation from taking hold.

  • Cross-Functional Coordination is Key: Legal, technical, and crisis communications teams must align quickly to ensure a unified response.

  • Transparency Builds Trust: Even in high-risk cybersecurity incidents, clear and honest communication reinforces brand credibility.

Crisis Communications for Any Issue

Hamby Communications can serve as your crisis communications agency, providing strategic crisis counsel for cybersecurity and other reputational issues. We specialize in crisis communication strategy to help businesses manage security breaches, executive transitions, workforce reductions, and regulatory issues. Through crisis communication training and real-time response, we equip leadership teams with the tools to navigate complexity, protect reputations, and emerge stronger.

Jared Gibbons

I design and develop Squarespace websites.

Phone - Email

https://www.pcktknfe.com
Previous

Interim Communications Counsel: Expertise When You Need It Most
Next

The Art and Science of Message Development