MSP hacks can cause some of the messiest communications crises. Here are 5 steps you can take today to prevent future headaches

Guest post by Meredith Griffanti & Kelly Miller, FTI Consulting

As leaders of cyber breach communications response teams for many of the most prominent hacks in history, we can confidently say we’ve seen it all. One trend remains true: MSP hacks can truly wreak havoc on even the most buttoned-up communications teams.

Many companies today are rightfully focused on taking security steps to protect against intruders. But anyone who has experienced a cybersecurity disaster can tell you that while the origin of an incident may be technical in nature, communications can be the hardest thing to navigate. Preparing a communications response plan is critical.

For MSPs, the communications web becomes incredibly complicated with clients, end customers, clients’ clients, business partners… the list goes on. And even if a company is back on its feet from an operational perspective, the account team will be fielding client questions for weeks – and often months – to come. Across the board for incident response mandates, the communications workstream has the longest tail.

With our experience managing some of the most memorable MSP hacks to date, we can recommend a few steps MSPs can take today so that any cybersecurity incident can become more manageable.

1. Evaluate communications business continuity – and know your backup programs

In the heat of a cyber incident when systems are either locked up or have been taken down to prevent impact, communication can seem impossible. The best-prepared companies have planned ahead and have external “out of band” communications tools in place to reach important stakeholders. Not only should you have a vendor secured to provide these services, but make sure communications professionals and others at your company are trained to use them. Ironically, an all-staff email can be most critical when you aren’t able to send one. Think about things like emergency text alerts or lead-gen software you can use in the absence of traditional communications channels.

2. Have a communications approval strategy in order

An update to staff doesn’t usually take long to write – but it can take ages to get properly approved. The usual chain of command for press releases should not stand in the event of a crisis. Organize an emergency protocol today to ensure the right internal stakeholders (including board members, C-suite, and tech teams) can swiftly provide input and streamline a stamp of approval for communications.

3. Understand your business relationships

MSPs’ business networks are incredibly complicated and many account/sales teams interface with many clients at once. When a cyber incident occurs and every client wants more information, existing structures can quickly become untenable. Now is the time to think through how you’ll manage a high volume of inquiries and make sure each external touchpoint has a clear POC within the company. This also means keeping contact sheets up to date. Often former clients are implicated in cyber incidents – so know how to get in touch with them (and who is on point to make the call).

4. Give account teams visibility into data governance policies

Data governance policies and procedures should not be held secret or in a privacy vacuum. When an incident occurs, account teams are the ones on the front lines explaining to customers why certain data elements are stored and for how long. They are also often attuned to what information will be more meaningful to various customers – or considered “sensitive.” As your organization makes data governance policy decisions, ensure those are communicated clearly to client relationship teams.

5. Evaluate contractual agreements in advance

Long after you’ve sorted all the security and operational concerns that a cybersecurity incident can create, you may be continuing conversations with clients about how to move forward in the aftermath – whether they’re owed discounts due to any system downtime, how many data controllers or subjects may need to be notified, whether data retention agreements were honored… many details that may not be top of mind when you’re signing new clients. Take the time today to ensure contractual agreements are easily accessible, categorized, and regularly reviewed – that way, in the event of an incident, you can also prioritize communications decisions based on contractual need.

When it comes to communications around cyber incidents, MSPs are often held to a higher standard due to the outsized impact that downtime can create for their clients. The goals of an effective response should be ensuring a smaller blast radius through a well-thought-out and organized communications plan, equipping leaders with messages so that they can have consistent and informative conversations about workarounds that minimize operational impact, and delivering quick, transparent, and accurate notifications. When preparing your cyber plan, don’t forget communications – it can save you immense time and money down the road.

Meredith Griffanti


Meredith Griffanti is an award-winning Crisis Communications and Cybersecurity PR professional and leads the firm’s Cybersecurity & Data Privacy Communications practice. She provides communications counsel to clients on both cybersecurity preparedness and incident response matters across a wide range of industries.


Ms. Griffanti has worked on some of the most high-profile data breaches around the world and helps her clients effectively and transparently communicate with their key stakeholders before, during, and after a cybersecurity incident.


She was named a “2020 Person of the Year for Crisis Management” by PR News and received a Cybersecurity Excellence Award for being the “2021 Cybersecurity PR Professional of the Year”. In 2021, she also received Consulting Magazine’s “Rising Star Award” for her crisis communications expertise. Ms. Griffanti is currently preparing for the Certified Information Systems Security Professional (CISSP) exam to further deepen her cybersecurity credentials.

Kelly Miller


Kelly Miller is a senior leader in FTI Consulting’s Cybersecurity & Data Privacy Communications practice and specializes in navigating cybersecurity incident response and data privacy issues. Ms. Miller advises technology and cybersecurity companies, from Fortune 100 to startups, on communications strategy through crises, public investigations, and regulatory debates.


Her experience includes leading ransomware response for companies in a variety of industries, steering clients’ sensitive national privacy debates with the top-tier press, building emerging brands into power players in federal cybersecurity, and supporting pro-wireless innovation campaigns through FCC approval.


Prior to joining FTI, Ms. Miller served as Vice President at Banner Public Affairs, where she led technology client accounts and founded the firm’s startup practice.


She worked previously as a public affairs manager at CTIA, the primary trade association for the wireless telephone/mobile broadband industry. In this role, she helped shape and execute both regulatory and consumer communications strategies as well as respond to industry crises.



Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.
