They’ve become a vital necessity and DEVENEY can help

With cyber security at the forefront on the world stage, having a seasoned team of experts is vital to help prepare and protect your credit union from the perils of a security breach. Preparing before a crisis is important in both the short-term and long-term. Handing the technology side of a cyber-attack is critical, and so is how you respond should your credit union become a target.

In today’s global, digital world, safeguarding personally identifiable information (PII), valuable intellectual property, private financial information, and a company’s hard-earned reputation are all a crucial part of business strategy. Yet, with the number of threats and the sophistication of cyber-attacks increasing, this has become a formidable challenge. Conducting business as usual without an appropriate rapid response plan is no longer conducting responsible business.

Companies are often quick to focus on the technical aspects of a cyber-breach but learning and preparing how to publicly respond to a data breach isn’t something that gets enough executive attention. “It’s the CIO’s job” is a common response to the threat—that is until there is an actual incident. Then a company must swiftly and successfully go into damage-control mode as it tries to deal with stolen customer data, disclosure of confidential financial information, a disabled Web storefront, or worse, the loss of public trust and immediately subsequent and irreversible reputational harm. Brands that have taken years if not decades to build can and have been destroyed in seconds, executives lose their jobs, and all because one employee simply clicked on a web link that they shouldn’t have.

Companies need to become better prepared for cyber crises. This preparation includes establishing the capability to publicly respond to a significant cyber event with a cyber-crisis management solution. As a result, more and more corporate clients need unique and proactive cyber-specific crisis communication response and risk management strategies that are developed by specialized professionals with a firm grasp and seasoned understanding of the complex world of cyber security as well as an understanding of the current data privacy debate raging from Washington to Silicon Valley.


DEVENEY and our cyber security communication expert will lead your top executives through a three-part program designed to prepare the brand to effectively respond to a data breach, mitigate potential losses and possibly even turn crisis into opportunity.

First, we will conduct a comprehensive audit through a real-world exercise designed to test the credit union’s current response to a hypothetical cyber-attack and identify their public response weaknesses.

Second, we will build a tailored data breach response plan that addresses those weaknesses, removes the identified obstacles, and enables you to effectively respond.

Third, we will put your key executives/spokespeople through cyber security/data privacy media training.

#1: Table Top Exercise: We will work with your leadership to develop a unique and specific table-top exercise (TTE) designed to walk the brand through a hypothetical cyber-attack and resulting data breach. The TTE will tee up the immediate decisions that the company’s senior leadership team will have to make to respond and will identify weaknesses and obstacles that impede their response.

#2: Vulnerability Audit: After completing this TTE, DEVENEY will deliver a detailed After-Action Report that will identify what went well, areas that need improvement, and finally (and most importantly), the obstacles and barriers that hinder a current response.

#3: Cyber Security Communication Response Strategy: As a follow-on service to the TTE, we will work to address newly identified needs. This Cyber Security Communication Response Strategy might include, but is not limited to:

  • Internal and comprehensive-employee communication plan to better educate team members about their cyber security responsibilities and engage them to help prevent a data breach
  • External notification protocol- identification of federal/state and local law enforcement notification needs, method, and necessary timings
  • Messages and materials for eventual dissemination such as draft emails, talking points, speeches, media releases, and vetted notifications to shareholders, the workforce, regulators, government, and law enforcement
  • Sample question and answer documents for designated spokespeople
  • Standing contingency staffing plan, who does what, where, and when
  • Impacted consumer outreach- identification of appropriate vendors and development of pre-approved material like call center scripts, digital communication, and social media strategies
  • A system to monitor how members are reacting

#4: Cyber Security/Data Privacy Media Training: The final part of the program will entail working with credit union leadership on Cyber Security/Data Privacy Media Training. Upon completing the training session, participants will practice on-camera interviews with an experienced journalist to learn:

  • Who are the media and how should you treat them
  • The importance of preparation
  • Interviewing the media before they interview you
  • Maximizing control in any interview situation
  • Message-driven interviews
  • Recognizing different interview styles
  • Responding to summary questions, multiple and loaded questions, and other common traps
  • Rephrasing techniques

With the number of cyberattacks and ransomware attacks growing by the day, spending time preparing your team for handling a cyber-related crisis is time well spent. Even organizations with extensive security software can – and have been – targeted.

DEVENEY brings broad experience to this field and related issues. Our cyber-security expert has served as the Global Head of Trust and Risk Management at Airbnb, Visa’s Vice President of Global Security Communications, the CIA’s Deputy Chief of Staff, and Senior Advisor to former CIA Director John Brennan. He served on the National Security Council staff and was a White House spokesman for homeland security and counterterrorism matters for President Obama. Working in conjunction with DEVENEY, he and his former White House and intelligence community colleagues have extensive knowledge about the diverse array of cyber-attacks in use today, how best to detect, stop and prevent those attacks, and how to manage the response to a cybersecurity incident.

Our unique and proprietary approach to cyber-security also includes a deep look into crisis response. We have spoken extensively on the evolution of crisis, specifically as it relates to cyber-security, and trained executives and business leaders across a variety of industries.

We’ve trained marketing professionals and operational leaders on how to prepare for and insulate against cyber-attacks including presentations for the ABA Bank Marketing Conference. DEVENEY prepared and trained top Fortune 200 executives, including the Senior Vice President and Global Chief Security Officer, and furthered their communication response strategy.

We pride ourselves on working with our partners to offer the best in crisis planning and response. If you’d like to talk with us about how we can help you, drop us an email at or 504-399-4999.

About Author:
John Deveney, ABC, APR, Fellow PRSA, IABC Fellow is recognized internationally for crisis and issue management across a variety of industries. 

In 2006, John was honored as “Agency Executive of the Year” by PRNews after he served as the first responder managing media during hurricanes Katrina and Rita — from the evacuation of the city to a military blockade and the aftermath — for both the tourism industry for New Orleans and the Louisiana Office of Tourism. He led the only on-site communication operation and media center that managed more than $400 million in media scrutiny in war-like conditions. 

In 2010, John and his team created the strategy and led the team that managed the state Department of Culture, Recreation and Tourism’s response to the BP oil spill. That effort reshaped public perception and preserved Louisiana’s $9.4 billion tourism industry. 

DEVENEY has been named PR News’ Firm of the Year and PRWeek’s Top 5 Boutique PR Firms in the country. John is in the PRNews’ Hall of Fame and is the only professional ever to merit the lifetime achievement recognition of being inducted into both the PRSA College of Fellows and IABC Fellows. To learn more, visit us at


Please enter your comment!
Please enter your name here



More like this

Watching, waiting, anticipating: Network monitoring is a core line of defense for financial services

Cybercrime is a major concern for the financial services...

Beyond CVSS: The Future of Vulnerability Prioritization

For the past 20 years, the most common method...

Solidify Credit Unions Security by Better Managing Workforce and Visitor Identities

The services provided by credit union and other financial...

Why Credit Unions Should Leverage Managed Cybersecurity Performance

According to the 2022 Verizon Data Breach Investigation Report...