74% of Businesses Fall Victim to Cyber Crime—Are You Ready to Defend Yours?

You never see it coming. One day, you’ll be operating the business as usual. The next, your entire company has been taken down. 

Hit by a cyber attack that you never knew would target you. 

Ransom in the millions. Tech taken offline. Customer data breached. Employee data stolen. The entire internal ecosystem was attacked. It feels like the company is dying, and you’ve no idea who the enemy is.

In the last two years, we’ve seen a concerning rise in cybercrime. We’ve worked with CEOs as they attempt to resuscitate the business and HR professionals as they scramble to keep things functioning as more pressure than ever before bears down across the business.

Many companies don’t recognise that Internal communications are crucial to cyber security. In the face of the growing threat of cyber attacks, effective, impactful, seamless and secure communications are vital for the organisation. 

Internal communications are preventative measures that ensure employees understand the risks, know how to respond, and can work together to minimise damage when an attack occurs. In the case of a full-blown cyber security incident, robust crisis and recovery communications will be the defibrillator that brings the business back from attack.

Why is Internal Communication Critical in Cyber Security?

1. Rapid Incident Response – In the event of an attack, clear and immediate internal communication helps coordinate the response, reducing confusion and downtime.

2. Employee Awareness & Training—Regular updates and training empower employees to recognise and report threats, such as phishing attempts or suspicious activities.

3. Building a Security-First Culture – Transparent and consistent messaging fosters a workplace environment where cyber security is everyone’s responsibility.

4. Crisis Management – During a cyber attack, internal communications ensure employees stay informed, reducing panic and preventing misinformation.

5. Regulatory Compliance & Reputation Management – Strong internal comms help businesses meet compliance requirements by ensuring protocols get followed.

74% of Businesses Fall victim to Cyber Crime.

Over the last few years, Cultures That Pop has supported organisations through exceptionally hard-hitting cyber security incidents. Common theme? No one had crisis communications ready to recover the business. Every organisation runs fire drills. Every organisation has first aid training ticked. After 2001, many adopted Anthrax attack policies. But when a digital danger presented itself, no preparation or practise had been given to its response management.

Because it would never happen to us, right?! Wrong.

In 2024, 50% of UK businesses and 32% of charities reported cyber security breaches or attacks. As you might expect, bigger businesses mean bigger risks, with 70% of medium-sized businesses, a whopping 74% of large businesses, and 66% of larger charities falling victim.

Phishing, impersonations, viruses, or malware. Every day, the attacks become more sophisticated, deceitful, and increasingly dangerous. At Cultures That Pop, we help organisations prevent danger, prepare for attacks, and, in the worst instances, navigate the nightmare of a full-scale incident.

In this blog, we’ll share just some of the learnings from leading crisis incidents in organisations under attack. 

What’s unsuitable for crisis communications during an attack?

Businesses need secure and resilient communication channels during a cyber attack to coordinate their response. 

However, many rely too heavily on everyday tools like WhatsApp, Microsoft Teams, and Slack. Yes, they are convenient, but they are also highly unsuitable for crisis communications during an attack.

Did you know…

1. They Can Be Compromised—If an attacker has already infiltrated the business network, they likely have access to your Microsoft 365, Teams, or Slack through compromised user credentials. If these tools are part of a broader breach, attackers can follow conversations in real-time, enabling them to always stay a step ahead.

2. Dependency on Internet & Cloud Services—Many attacks involve denial-of-service (DoS) attacks or ransomware that disrupt cloud-based services, making it impossible to access them.

3. End-to-End Encryption Is Not Enough—While WhatsApp and Signal offer encryption, they do not protect against endpoint compromise. Attackers can still read messages if a device gets infected with malware.

4. Phishing & Social Engineering Risks—Attackers often impersonate trusted contacts, sending fake messages via WhatsApp or Teams to mislead staff, spread misinformation, and hinder response efforts.

5. Data Retention & Compliance Issues—Using unapproved channels during a crisis can violate regulatory requirements, making post-attack investigations more challenging.

Employees need to be ready to adopt new ways of working that won’t continue to compromise the business, introducing out-of-band channels.

What Is a Secure Way to Communicate During a Cyber Attack?

Businesses must establish a secure, out-of-band (OOB) communication system that remains functional even if the primary network is compromised. 

Have you heard of…

1. Dedicated Incident Response Platforms – Solutions like Signal (with strict policies), Zello, or encrypted crisis communication tools designed for security teams.

2. Offline, Air-Gapped Devices – A set of pre-registered, secure burner phones or dedicated hardware not connected to the corporate network.

3. Satellite Phones or Radio Systems – Ideal for high-risk industries and ensure completely independent communication.

4. Predefined Emergency Conferencing Systems – Secure, external bridge lines that do not rely on the corporate IT environment.

5. Paper-Based Crisis Plans – Keep a hard-copy crisis response plan with assigned roles and actions, ensuring coordination even if digital tools fail.

They’re the less snazzy but ultimately more secure communication channels that communication providers rarely discuss. At Cultures That Pop, we partner with cybersecurity experts to help clients overcome crisis communication hurdles.

“Too often, we see cyber security policy treated as a tickbox exercise, but it’s so important to engage employees. One term I like in training people on cybersecurity is “Building a strong human firewall. Over the years, we’ve seen improvements in every organisation that we’ve run simulated phishing for. Practise leads to improvements and better protection.”

- William Taafe, CEO at Lockdown Cyber Security -

What about the Human Side of a Cyber Crisis?

Businesses often focus on technical recovery during a cyber attack, but the human side of crisis management is just as critical. Employees are under immense pressure, facing uncertainty, potential downtime, and even job security concerns.

Our strategic approach to building resilient, engaged, and adaptable work cultures plays a vital role in internal communications and employee wellbeing.

1. Crisis Communication: Keeping Employees Informed & Focused

When systems are compromised, clear, transparent, and reassuring communication is key to keeping employees aligned and preventing panic. 

Cultures that Pop helps you craft authentic messaging that keeps employees informed without fueling anxiety and panic. We use relatable narratives to explain complex cyber threats in a way employees understand and act on. We also ensure two-way communication is activated, allowing employees to raise concerns, report issues, and get support.

As a key ‘Prepare and Prevent’ measure, we help develop leaders as great communicators, ensuring that they can provide their teams with real-time, reliable, and engaging updates in the face of crisis.

“With only a few weeks of coaching, I pivoted thinking on how to approach leadership. I was super stuck in a task list way of thinking. After only a few sessions, I was able to drive strategic change within my team.”

- Stephanie Maldonado, Director of Ops at MPLC -

2. Employee Support & Wellbeing: Reducing Stress & Uncertainty

“It feels like the organisation has died” - these were the words of a HR professional as they described the impact of a cyber attack on their organisation. Like nothing anyone had ever experienced before.

Sending employees into the “War Room” for intense shifts of rescue and recovery is seriously exhausting. The pressure is immense, and stress levels are likely off the chart. 

We’ve seen employees working extremely long shifts, unable to focus on anything else for days at a time. Those responsible for affected areas are likely to feel huge amounts of blame, shame, and responsibility for the detrimental damage caused.

Lack of sleep due to extreme stress means individuals could be travelling to work on just a few hours' sleep, eating fast food for days at a time because it’s the quickest, easiest thing to eat, and driving to the workplace on no sleep, which puts not only the employee in danger but also other members of the public.

Are you prepared to support your people?

Cyber attacks disrupt normal operations, often leading to overtime, job insecurity, or financial concerns. A workplace culture that prioritises well-being and psychological safety ensures employees remain motivated, supported, and resilient. 

At Cultures that Pop, we’ve provided organisations with:

• Mental health & resilience training, helping employees manage stress and anxiety during crises.

• Sense of belonging & psychological safety, so employees don’t fear speaking up if they make a security mistake.

• Recognition & appreciation, ensuring employees involved in crisis response feel valued.

• Post-crisis debriefing & recovery strategies, helping teams process what happened and rebuilding trust.

3. Strengthening Cyber Resilience Through Culture

A strong, people-first culture turns cyber security from a technical issue into a shared responsibility. 

At Cultures that Pop, we help clients ensure:

• Employees understand their role in security, making them less likely to fall for phishing attacks.

• Teams respond to crises with agility rather than fear-driven mistakes.

• Organisations emerge stronger post-attack, with employees engaged rather than demoralised.

Technology alone can’t protect a business—culture, communication, and employee well-being are the foundation of cyber resilience. By integrating Internal Communications and Employee Engagement strategies into crisis planning, you can safeguard your people, maintain trust, and recover faster.

We highly recommend checking out courses such as the Ransomware Readiness course from the experts at Lockdown Cyber Security. 

With its focus on hands-on training and real-world impact, this course is an excellent starting point for businesses implementing preventative measures. You’ll better understand the threat landscape, strengthen technical and operational resilience and gain the knowledge needed during crises.

Final Thoughts

Cyber threats are evolving, but so are the ways to stay protected. As attackers leverage AI and target personal identities, it’s crucial we stay ahead by understanding these trends and strengthening security strategies. 

Introduce internal communication to the conversation to increase your impact. It will help you foster a culture of preparedness, mitigate risks, and ensure you can respond swiftly when an attack occurs. 

Engaging employees with a ‘cyber-safety’ mindset will not only upskill them for the modern world of work but could ultimately save you millions in ransom and the ramifications that follow. 

How do I get started?

Talk to the team at Cultures That Pop about how Internal Communications and Employee Engagement can underpin your IT and Security team policies. We’ll advise, implement and connect you with experts to ensure your Prevent and Prepare strategy is ready for action.