In a herd of cyberattack victims, your cyber communications will define you

When hundreds of companies become cyber victims at once, the incident may not define you—but your communications will.

In the wake of the Salesloft Drift cyberattack that surfaced in late August, hundreds of companies are facing the same questions: what, when and how to share information about what has happened. These key communications decisions made in the early days of a major cyber incident can define an organization's reputation for months or years.

Most affected companies have remained publicly silent while waiting for forensics experts to help them fully understand the incident's impact. Yet several dozen have chosen to proactively issue public communications. This disparity reflects a fundamental tension: the desire to wait for complete forensic analysis versus the pressure to communicate quickly due to stakeholder expectations.

Disclosure patterns: substance over speculation

The companies that have gone public share notable characteristics. The growing list is populated by technology companies and cybersecurity firms that face heightened scrutiny from customers who expect transparency from security providers.

An FGS Global analysis of the substance of more than two dozen of those company communications also shows consistent messaging frameworks:

  • Immediate containment actions: Every disclosure emphasizes rapid response measures, demonstrating organizational competence while investigations continue.

  • Limited scope clarification: Organizations distinguish between what systems were accessed and what data was compromised, acknowledging uncertainty while providing available facts.

  • Supply chain context: Companies clarify that the sophisticated attacks targeted widely-used business tools, not vulnerabilities unique to their organization.

  • Ongoing investigation caveats: Most statements manage expectations and reduce retraction risk by noting investigations are ongoing and may take weeks or months.

The contractual disclosure imperative

Even though contractually required notifications are made privately to customers, companies should assume that the information will leak and plan accordingly. For that reason, companies often simultaneously issue proactive public communications to help shape the narrative by preempting leaks, speculation and misinformation. Failing to anticipate this dynamic can leave companies flatfooted when their involvement becomes public. In high-profile, multi-victim incidents, that delay can mean losing control of your own story.

When preparing disclosures, companies should consider whether to temporarily pause advertising, social media campaigns and other marketing activities to avoid appearing tone deaf. This is particularly important for cybersecurity firms, which are held to a higher standard by stakeholders and expected to demonstrate sensitivity and transparency during crises.

The other side of the coin

Going public prematurely can backfire. Early communicators risk becoming the focal point of media coverage, cementing the company’s association with the incident. Missteps in messaging can spark customer, employee and investor anxiety, raising concerns about the company’s incident response and causing additional reputational harm.

Supply chain attacks: the new normal

The Salesloft Drift incident exemplifies how any organization can become collateral damage through no fault of its own, when a single incident forces hundreds or even thousands of victims to navigate the same communications challenge simultaneously.

For affected organizations, shared victim status provides some reputational protection. However, this "herd immunity" effect is temporary. As the crisis fades, stakeholder attention shifts to how individual organizations handled the incident, making communications strategy a critical differentiator.

Companies that have communicated transparently, provided actionable guidance to customers and demonstrated clear incident response capabilities are positioning themselves for stronger stakeholder relationships.

Strategic implications

In an era where supply chain attacks are becoming the norm, the ability to communicate effectively during shared crises will increasingly separate organizational leaders from followers.

Five actions leaders should take before year-end:

  1. Review rapid cross-functional coordination protocols between legal, IT, communications and executive teams.

  2. Ensure not just that the company has a supply chain-specific crisis communications plan, but that it has been tested recently.

  3. Maintain an up-to-date audit outlining customer and partner contractual disclosure requirements.

  4. Prepare to communicate before all answers are known, focusing on transparency, empathy and action.

  5. Establish values for communicating in advance. Does the company want to be transparent, empathic or seen as taking action?

Learn more about FGS Global's Cybersecurity & Data Privacy practice or contact us at cybertaskforce@fgsglobal.com.