Leading through a cyber attack: Learning from crisis

Cyber attacks can be devastating for any organisation. They can take down systems, block access to critical data and compromise sensitive information. The road to recovery is often long and challenging, impacting both professional and personal lives. From my experience leading recovery and data protection responses in a local authority during a major cyber attack, I’ve learnt valuable lessons about teamwork, leadership and resilience.

Here are some key takeaways for effectively managing a cyber crisis, which can be applied to any organisation, whether in the private or public sector.

Honest and decisive leadership

During a cyber attack, leaders must establish and sustain calm and focus across the organisation; now, more than ever, teams will be looking to their leaders for assurance. Effective leadership requires:

  • Transparency: Be upfront about the situation, even when the future is uncertain. This builds trust and keeps the team aligned.

  • Bold decision-making: Make tactical decisions confidently, even under pressure. Use the crisis as an opportunity to accelerate strategic changes that were already in motion.

  • Clear prioritisation: Establish guiding principles for recovery, focusing on the most critical needs first. This enables decisive, collaborative work, allowing your teams to act quickly with confidence – making the right calls and knowing when to seek guidance.

Working openly

In times of crisis, communication is crucial – being honest about the unknowns will help you establish and maintain trust. Working openly involves:

  • Sharing knowledge: Talk openly about challenges and progress. This allows for shared learning and collaborative problem-solving.

  • Regular updates: Provide consistent communication through internal channels, keeping everyone informed and reducing uncertainty.

  • External transparency: Where appropriate, share lessons learned externally to contribute to industry-wide resilience.

  • Communicate with confidence: You will need to protect some information, but try to minimise complexity so your teams don’t lose trust.

Team members who can support each other

The foundation of a strong recovery is a capable team that supports one another, measuring success through shared outcomes rather than competition or in-fighting. This includes:

  • Skills and attitude: Having a team with the right mix of technical skills and a proactive, problem-solving attitude.

  • Trust and collaboration: Fostering a culture of trust and mutual support, both professionally and personally. This creates a resilient and cohesive team dynamic.

  • Empowering the team: Giving team members the autonomy to make decisions within clear strategic guidelines, enabling agile responses.

Building capable teams is work that needs to be done before you have a crisis. Prioritise team dynamics, culture and ways of working just as much as skills and knowledge. How you respond to this crisis will have lasting effects on workers' trust and organisational culture, extending well beyond the crisis itself.

Prioritise team well-being

The intense pressure of crisis management can lead to burnout. Take deliberate steps to prevent this:

  • Make well-being a priority: Recognise the importance of mental and emotional health from the start. Check in on your team’s health regularly – and make it visible that you’re doing that.

  • Set boundaries: Establish clear boundaries to maintain a sustainable work pace. Model this yourself.

  • Create support systems: Encourage open discussions about stress and coping strategies, fostering a supportive environment.

  • Embed in culture: These principles should be part of everyday team culture, not just during crises.

Cyber resilience

While no organisation is immune to cyber threats, resilience can mitigate the impact. Key strategies to adopt, before a cyber attack actually takes place, include:

  • Proactive investment: Invest in cybersecurity measures, including cloud solutions and a ‘zero trust’ security model.

  • Crisis preparedness: Have a comprehensive incident response plan and conduct regular drills to ensure readiness.

  • Digital transformation: Use the opportunity to modernise systems and adopt more resilient digital infrastructure. Recovery will be time-consuming and expensive, so ensure your efforts drive progress.

  • Continuous improvement: Learn from each incident to improve cybersecurity posture and recovery processes.

Crisis response is a team sport

Recovering from a cyber attack is not about heroic individuals; it’s about effective teamwork. This means:

  • Collective responsibility: Embrace the idea that recovery is a shared responsibility, with no single hero.

  • Everyday resilience: Build resilience into daily operations, leadership and team culture. This ensures the team can function under pressure when needed.

  • Learning culture: Treat the crisis as a learning experience for everyone – including senior leaders – to better understand how digital and technology enable their service delivery. Continuously reflect on what worked well and what needs improvement.

Building resilience now

Cyber threats are an inevitable part of the digital age. Preparing for them starts now – and it starts with building a strong, resilient team culture. By investing in leadership, communication, well-being and cybersecurity, organisations can navigate the most challenging crises and emerge stronger.

Being prepared means being proactive – not reactive. It means fostering a team that can adapt, respond and recover together. Because in the end, resilience is built in everyday actions and decisions.

Start with your team.

Read more about how to become cyber safe and reach out to us below if you’d like to talk.
