On 3 March the UCISA, a professional body for digital practitioners in education, launched the Cyber Incident Communications Toolkit, created for UK higher education institutions to plan the communications response during a major cyber incident.
The toolkit, which is based on research by Dr Jason Nurse – Senior Lecturer (Associate Professor) in Cyber Security at Kent – focuses on the importance of collaboration both internally and with partners to ensure provision of an effective and coordinated communications response with students, staff, funders, and other stakeholders.
Dr Nurse’s research, ‘A framework for effective corporate communication after cyber security incidents’, details a framework for communications in the event of a cyber incident, and highlights the best practices for effective data breach announcements. The framework is grounded in a systematic review and real-world case studies, and includes interviews with senior industry professionals to allow for framework evaluation and refinement.
Dr Nurse’s framework can complement security incident response and management in institutions and businesses. He said: ‘Universities have increasingly become targets of ransomware and other cyber-attacks. Such attacks can result in major disruption of operations, with significant financial and reputational impact. With the increasing risk of institutions being the target of cyber-attacks, so too has the need grown to understand exactly what is effective communication after an attack, and how best to engage the concerns of customers, partners and other stakeholders.
‘This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies.’
UCISA’s use of the framework is the latest in a series of promising impacts of Dr Nurse’s work in industry and government. Thus far, the framework has been recommended by CyberScotland, it has been featured in industry, and has won an award at a top security conference.
Dr Jason R.C. Nurse is a Senior Lecturer (Associate Professor) in Cyber Security in the School of Computing and the Institute of Cyber Security for Society (iCSS) at the University. His research ‘A framework for effective corporate communication after cyber security incidents’ is published in Computers & Security.
The Toolkit and accompanying resources are available to UCISA members via login.