A major cyber security incident can represent a cyber crisis for an organisation, in particular because of the associated risk of substantial reputational damage. As the likelihood of falling victim to a cyberattack has increased over time, so too has the need to understand exactly what is effective corporate communication after an attack, and how best to engage the concerns of customers, partners and other stakeholders. This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies. Qualitative data analysis is used to interpret and structure the results, allowing for the development of a new, comprehensive framework for corporate communication to support companies in their preparation and response to such events. The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research. The framework is further refined based on these evaluations, and an updated version defined. This research represents the first grounded, comprehensive and evaluated proposal for characterising effective corporate communication after cyber security incidents.

中文翻译：

---

网络安全事件后有效企业沟通的框架

重大网络安全事件可能代表组织的网络危机，特别是因为相关的声誉受损风险。随着成为网络攻击受害者的可能性随着时间的推移而增加，因此也需要准确了解攻击后什么是有效的企业沟通，以及如何最好地解决客户、合作伙伴和其他利益相关者的担忧。这项研究旨在通过对数据泄露后危机沟通和公共关系的有效性进行批判性的多方面调查来解决这个问题。它通过借鉴通过系统文献综述和现实世界案例研究获得的学术文献来做到这一点。定性数据分析用于解释和构建结果，允许开发新的、公司沟通的综合框架，以支持公司准备和应对此类事件。该框架的有效性通过与资深行业专业人士的访谈以及对相关实践和研究的批判性评估来证明。基于这些评估进一步完善了框架，并定义了更新版本。这项研究代表了第一个有根据的、全面的和经过评估的提案，用于表征网络安全事件后的有效企业沟通。以及针对相关实践和研究的批判性评估。基于这些评估进一步完善了框架，并定义了更新版本。这项研究代表了第一个有根据的、全面的和经过评估的提案，用于表征网络安全事件后的有效企业沟通。以及针对相关实践和研究的批判性评估。基于这些评估进一步完善了框架，并定义了更新版本。这项研究代表了第一个有根据的、全面的和经过评估的提案，用于表征网络安全事件后的有效企业沟通。