Crisis Communications Plan: Cyber Attacks

Situation Analysis and Problem Statement

Honeywell International Inc. is a diversified technology and manufacturing company. For
the purpose of this crisis communications plan, we are advising only on the Honeywell
Aerospace Division.

SWOT Analysis

The Honeywell Aerospace Division serves customers in North America, Europe and other
regions. It has manufacturing and other facilities across the world, however, the company
is headquartered in Charlotte, North Carolina. A diversified product portfolio, operational
network and liquidity position are its strengths, even as profitability is an area of
weakness (MarketLine, 2021). Contracts and agreements, global helicopter market and
positive outlook for global unmanned aerial vehicles could provide growth opportunities
to the company (MarketLine, 2021). However, foreign exchange risks, competitive
pressures, cyber security threats and government regulations could affect its business
operations (MarketLine, 2021).

Problem Statement

As a major player in the aerospace field, it is imperative that Honeywell Aerospace protect
itself from risk, specifically from security breaches through cyber attacks. Having a crisis
communications plan set for the ever growing threat of cyber attacks will help Honeywell
Aerospace maintain its integrity and trust with their stakeholders.

Goals
● To rebuild relationships with our stakeholders in order to maintain a positive
corporate image.
● To develop effective strategies that prevent a cyberattack crisis from occurring in
the future.

1
 ● To utilize social media to monitor, post and provide accurate, timely and meaningful
information for our key stakeholders.
● To conduct a thorough investigation and employ structured problem-solving
techniques in order to provide a path towards a swift resolution.

Objectives
● Ensure stakeholders that Honeywell Aerospace is the best, most-qualified and
safest company to do business with by sharing two to three success stories per
month over the next 12 months on at least three media channels including Twitter,
Facebook and YouTube. These success stories will promote strong collaborations
between Honeywell Aerospace partnerships and clients. (Outtake objective)
● Increase exposure of positive company messaging through news outlets, social
media and paid advertisements by 50% over the next 12 months in all regions
where Honeywell Aerospace operates, including North America, Europe, China and
Africa. (Output objective)
● Develop “Avoiding Cyber Risks,” training guidance that details steps each employee
should take to minimize risk of cyber threat. The training guidance should take no
longer than four months to develop, and each employee will review and sign this
guidance annually. (Process objective)
● Help stakeholders understand that cyber attack crises are not the fault of the
victim by educating stakeholders on historical examples of cyber attacks. Over the
next nine months Honeywell Aerospace will create brochures, email newsletters
and meet with 50% of all stakeholders to discuss and educate on cyber attack
crises. (Outcome objective)

Target Publics (Audiences)

Internal

● Current Honeywell Aerospace Employees

o Employees, whether directly or indirectly, could be heavily impacted by the
effects of a cyber attack and will actively be working to fix what was
damaged. This public includes all employees, with emphasis on specific
departments based on the details of the cyber attack:
▪ Technology department: If the cyber attack affects any Honeywell
technical data.
▪ Production department: If the cyber attack affects production lines
and items made by Honeywell.

2
 ▪ Finance department: If the cyber attack affects monetary
information or payments for employees.
▪ Security department: If the cyber attack affects the information
(especially personally identifiable) of our employees.
▪ Communications department: If the cyber attack affects anything
with our social networks or internal communications to our
employees or shareholders.
● C-Suite
o Executives, in particular, those in charge of the departments that could be
impacted by the effects of a cyber attack. They will be working with the
leadership of the departments to ensure that their group is able to
overcome the crisis.
▪ Chief Technology Officer (CTO): Technology Department Executive.
Also known as Chief Information Officer (CIO).
▪ Chief Marketing Officer (CMO): Production Department Executive.
▪ Chief Financial Officer (CFO): Finance Department Executive.
▪ Chief Security Officer (CSO): Security Department Executive.
▪ Chief Marketing Officer (CMO): Security Department Executive.
o C-Suite will:
▪ Invest in a crisis prevention or enacting plan.
▪ Work with other leadership to bolster the team.

External

● Customers, Clients and Investors

o Depending on the type of cyberattack, different groups of stakeholders
could be adversely affected.
▪ Investors: Investors must be notified regardless of what information
has been breached as these kinds of attacks can negatively affect the
economic standing of the company.
▪ Customers/Clients: If the cyber attack involves a breach of their
personal information, intellectual property, etc, it must be disclosed
as negative consumer sentiment can adversely affect the company.
● Media
o Cybersecurity Industry websites: Having the CIO compose an Op-Ed on the
incident and the organization’s response would control the narrative on
major cybersecurity industry websites and/or blogs such as: Daniel Miessler,
Graham Cluley and IT Security Guru.
o Cybersecurity magazines: Arrange controlled interviews with C-Suite
executives or CIO. Explain how the crisis has affected the way Honeywell
Aerospace will be doing business in the future. Suggested Magazines

3
 include: Cybercrime Magazine, Cyber Defense Magazine and United States
Cybersecurity Magazine.
● Government Entities
o If Honeywell Aerospace has been the victim of a cyber attack from a foreign
country, it would need to be disclosed as Honeywell has various government
contracts. This breach could be seen as a sign of aggression or terrorism
from the country committing this act. Since there already tensions between
the U.S. and many foreign nations, the following departments may need to
be contacted:
▪ Department of Homeland Security
▪ Department of Defense
▪ National Security Agency
▪ Defense Information Systems Agency

Messaging

Internal

M1: We want to assure our employees that have been adversely affected by this
cyber attack that they are not at risk of losing their jobs or suffering any sort of
future harm. (Bolster)

The team will:

● Swiftly address any and all issues related to this matter in a

meaningful way.
● Leverage existing and new relationships to facilitate open dialogue
between corporate leadership and any affected staff members.
● Provide front line staff and management with resources to show how
Honeywell is committed to protecting them from any potential
fallout.

M2: As a company, we are striving to ensure the safety of our own people. We will
overcome this hurdle and continue to stand strong against any future threats made
against us. (Rebuild)

M3: We need to figure out what happened and how it happened. We will set up
secure anonymous phone lines for our employees to call into if they have any
information on the matter. (Diminish/Stealing Thunder)

4
 Areas of opportunity include:

● Interacting with staff in a manner that makes them feel as if

Honeywell Aerospace cares about their well-being.
● In-person town halls with leadership giving employees time to ask
questions and engage with leadership.
● Acting as sounding boards for staff at all levels in order to address
any lingering issues.
● Providing staff with a single-source of truth on specific ways to
address this issue.

External

M4: Honeywell Aerospace is committed to giving you the most up-to-date

information about this security breach. When we know more, you will know more.
(Stealing Thunder)

M5: We are committed to preventing this situation from recurring. As such,

Honeywell Aerospace is working with state and federal authorities to determine
who is behind this incident. (Corrective Action)

M6: Honeywell will mitigate the impact of this breach on both our partners and
customers. We will continue to provide reliable, exceptional and safe products. We
will not let this stop us. (Bolster)

Strategies

● Inform all internal audiences about the cyber attack: Introduce the crisis
communications plan and resolution efforts to key stakeholders and employees.

● Build alliances and explain to stakeholders the cause of the cyber attack:
Discourage victim-blaming, encourage key stakeholders to outwardly and publicly
support Honeywell Aerospace.

● Educate internal audiences about the need for future protection from these crises:
Mandate current employees to complete annual cyber attack prevention training.

● Utilize social media, news outlets, websites and advertising to spread awareness of
cyber attacks while also promoting a positive image of Honeywell Aviation. Create
a hashtag and engage with trusted industry partners to communicate rebuilding
strategies.

5
Tactics, Timeline and Budget

Honeywell Aerospace’s Crisis Plan Timeline: The first 12 hours

Evaluation
The success of this crisis response requires involvement from all key stakeholders.
Additionally, since Honeywell Aerospace is operating in uncharted territory with this
crisis, it will more than likely have its fair share of challenges. Everyone involved must take
note of this and remain flexible and willing to adjust course at a moment’s notice.

In order for our efforts to be considered a success, several milestones must be met:

Internal

● Internal communications efforts must be pushed within the first two days of the
crisis.
○ Initial messaging to include clear directions for staff (all stop/new
procedures/etc).
● Within 6 hours of each new policy/procedure established, a message must be
pushed to the internal staff.
● In order to maintain internal communication agility, the path to direct
communication to staff must be from point person, to communications team, to
staff, which will minimize bureaucracy and time for rumors.
● Leadership must provide opportunities for employees to ask questions and learn
information to be able to gauge response and concerns from employees.

External

● After establishing the “face of the crisis”within Honeywell Aerospace, immediately

begin scheduling press events, media engagements and meetings with partners and
customers.
● Within 2 hours, establish a list of those who must be contacted.
● Within seven days, have in-person meetings scheduled for all customers and major
partners.
○ Within 12 hours of each engagement, provide the leadership team and
communications team a “read-out” of reactions, notes, impressions and

6
 areas of improvement. This is presented to the “face of the crisis,” and
changes are made to messaging for the next engagement.

To evaluate Honeywell Aerospace’s success in completing these milestones, we will:

● Provide an evaluation form that employees are required to submit after taking the
“Avoiding Cyber Risks,” training guidance, which details steps each employee
should take to minimize risk of cyber threat. After completion of the training
guidance, each employee will review and sign the guidance annually and and
complete a survey to rate presenters and provide other feedback if necessary. The
company will be able to see if it was beneficial and informative to the worker.
○ We will consider this annual training successful if more than 60% of all
surveys provide positive feedback.
■ 60% positive feedback means that more than half of the survey
respondents reacted well to the training guidance. It’s
understandable that not all survey responses will be positive,
therefore over 60% is a target goal.
● Analyze marketing data to ensure that the company is gaining exposure to positive
company messaging through news outlets, social media and paid advertisements.
○ We will consider this additional marketing campaign successful if the
company messaging increases by 50% over the next 12 months in all
regions where Honeywell Aerospace operates, including North America,
Europe, China and Africa.
○ We will consider this additional marketing campaign even more successful
if our number of clients grows by 10% over the next two years due to new
marketing strategies.
● Utilize analytic software that will collect how many people have engaged and
interacted (liked, commented, reposted) with our messaging on social media
platforms including Twitter, Facebook and YouTube. We will identify the target
market that interacts the most with our posts and . identify which posts have more
activity in order to post similar content. We will monitor how many posts should be
posted daily to create positive exposure.
○ We will consider our social media analytics successful if:
■ More than 20% of the people that saw each post also interacted
with the post by either liking, commenting or reposting.
■ More than 30% of the comments and repostings on each post are
generally positive feedback.

7
 ■ More than 25% of the audience reached through social media are
potential clients or interested in working for or with Honeywell
Aerospace.
● Observe the number of employees who opened their email with a newsletter or
important announcement attached and spent an average of three minutes reading
the announcement page. We will calculate the number of stakeholders who
received and accepted brochures created by Honeywell Aerospace. We will record
the number of employees who attended the internal information session.
○ We will consider this crisis plan successful if:
■ 75% of employees that opened and read all announcements
concerning the cyber attack spent over an average of three minutes
reading the email.
■ 50% of all stakeholders who were notified of the situation accepted
additional information (brochures, webinars, etc.) about cyber
attacks.
■ 70% of the employees attended the internal information session to
debrief, discuss concerns and provide feedback to executives.
● Monitor the amount of people that read our success stories. We will evaluate
which social media platform receives the most engagement regarding all success
stories posted. This will ensure we are marketing well and maintaining a great
reputation.
○ We will consider our success stories successful if:
■ The bounce rate (the measurement of how quickly a user opens and
then closes the story) is 40% or lower. This means that users are
clicking on the story and are less likely to immediately exit the page.
■ The news stories are amplified evenly across platforms and all have
at least an engagement rate of 20% of our following audience.

To ensure Honeywell Aerospace’s milestones are met, we will need the following tools
to complete our evaluation:

● Develop a comprehensive Standard Operating Procedure that responsible

personnel that are authorized to perform tasks on behalf of Honeywell
● Points of Contact list that includes:
○ Press contacts
○ Communications partners at customers and stakeholders companies
○ Internal Legal, Ethics, Training and Policy experts
● Up to date rosters and emergency contacts for all personnel
● Templates for media releases, newsletters, town halls and training updates
● Internal analytic mechanism
● Google Analytics, to track website clicks and messaging traffic

8
● Reputation Defender
○ Monitors all media platforms and activity and gives a comprehensive score
of the company reputation based on information media accounts
● Email tracking Customer Relationship Management software
○ Ensures that all employees have received any emailed content such as
updates, newsletters, brochures, etc., and analyzes who opens and reads
content

9
 References

MarketLine. (2021, December 15). Honeywell International Inc. SWOT Analysis.

Aerospace Industries. 1-7.
http://ezproxy.umgc.edu/login?url=https://search.ebscohost.com/login.aspx?direct
=true&db=bth&AN=154601080&site=eds-live&scope=site

10