
(Re-)Building Trust When Security Incidents Occur

How incidents can strengthen relationships and increase resilience

In cybersecurity, we understand that attacks are inevitable. It is our job to minimise the impact, maintain business operations, and prevent attackers from reaching their end goals of accessing sensitive data or causing damage to the system. That’s the difference between cyber security and cyber resilience.

 

Organisations don’t simply reset after a security incident. Sometimes, recovery makes an organisation stronger, like a phoenix rising from the ashes, learning from mistakes and building lasting change. But sometimes, incidents leave scars, damaging trust and relationships. The difference comes down to how they respond in the moment and the steps they take to rebuild.

 

Trust is crucial, not just during an incident, but in the time between them. Here are four key ways to strengthen trust and resilience before, during, and after a security event.


 

Build trust before the incident happens.

I often say, “Trust is built in drops, but lost in buckets.” It takes years to build trust, but just one misstep can erase it in an instant. Long before an incident occurs, organisations need to establish relationships that create a foundation of trust. Small, consistent investments like open communication, collaboration, and shared understanding build a surplus of trust — one you can draw on when a crisis hits.

 

For security teams, this means connecting with other departments and key stakeholders before a crisis. Trust isn’t just about leadership; it’s fostering bilateral relationships across departments, vendors, and partners. Don’t limit your interactions; build relationships with IT, legal, PR, HR, and third-party vendors early on. Tabletop exercises with these teams, simulating real-world scenarios, help everyone to practise their role and build muscle memory. Though exercises rarely match reality, when a real incident occurs, the response is practised, swift and comprehensive.

 

A crisis is not the time to be exchanging business cards. The more solid the relationships, the smoother the response will be. If your teams are already working together, they can handle situations more effectively.

 

 

Own it, and share information.

Ever been stuck in a plane on the tarmac? You don’t know what’s happening, and every passing minute increases impatience and anxiety. Then the pilot announces, “Hey folks, we’re not sure what the holdup is, but we’re working on it, and we hope to make our getaway in the next 15 minutes.” You immediately feel better. Despite the lack of information, the pilot was transparent and honest. It’s not the news you hoped for, but at least the problem has been acknowledged and the fix is being worked on.

 

When an incident occurs, how leadership handles it can actually build trust, especially when the response is calm, clear, and transparent. Executives set the tone for the entire organisation, and how they communicate with stakeholders during a crisis makes a big difference. Consistency is key: Keeping people informed, even when all the details aren’t available, helps to manage expectations and reduces uncertainty.

 

Taking accountability is another pillar in building trust. Once the immediate crisis is under control, it’s time to focus on making sure it doesn’t happen again. Leadership should not only address the specific issue but also take steps to strengthen security overall. That proactive approach demonstrates a commitment to long-term improvement and shows that the organisation is serious about preventing future incidents.

 

In the end, owning the incident and its response sends a powerful message: We take this seriously, and we’re committed to doing better.

 

 

Overcome the reluctance to collaborate

Security events rarely happen in isolation. They send ripples through an entire ecosystem. Take a major data breach at a financial services firm, for example. Customers suddenly worry about their sensitive information, leading to a flood of support requests and potential account closures. Partners who rely on that firm for secure transactions start questioning their own exposure. Regulators step in, demanding reports and potentially issuing fines. Even suppliers down the chain may face disruptions as trust erodes and contracts come under scrutiny. The impact spreads far beyond the initial breach, creating challenges for everyone connected to the business.

 

For some, legal liability is the big concern—saying too much too soon could lead to lawsuits or regulatory trouble. Others fear reputational damage, thinking that admitting a weakness might shake customer confidence or give competitors an edge. Internal silos can also get in the way, making it hard to coordinate even within the company, let alone with external partners.

 

There’s also the fear of losing control. Once information is out, there’s no telling how regulators, partners, or customers will react. Will it trigger more scrutiny? Lead to contract renegotiations? Push customers to take their business elsewhere? With so many unknowns, the instinct is often to stay quiet. But keeping information locked down can make an already tough situation even harder to manage.

 

This reluctance can be addressed ahead of time by putting clear collaboration mechanisms in place. NDAs, contracts, and policies can establish boundaries and expectations, allowing teams to share information confidently when it matters most. Internally, trust issues between departments can often be resolved through strong leadership and informal relationship-building. These efforts create the kinds of connections that make collaboration in a crisis seamless rather than strained.

 

 

Recognizing the human factor–Layer 8

Employees, customers, and partners need to believe that organisations aren’t just reacting to incidents but are prepared to act decisively and transparently. A strong security culture isn’t built solely on firewalls and protocols. It’s built on trust, accountability, and proactive engagement. Organisations can’t ignore the impact of Layer 8.

 

Let’s not forget people’s well-being either. Security incidents can be high-stakes, high-pressure events, which take a toll on teams. Stress and burnout can impact response effectiveness and long-term morale. Leaders set the tone for recovery — it’s not just about speed but sustainability. Encourage real time off, shut down hero culture, and make it clear that incident response is a marathon, not a sprint. When recovery takes weeks, months, or even years, supporting your team’s well-being helps maintain resilience and long-term success.

 

 

Trust isn’t built in moments of crisis. It’s shaped by what happens between incidents. Make consistent deposits in the bank of trust so that when the time comes, you have enough balance to make a big withdrawal. Communicate as much as you can during an incident, even when you don’t have all of the answers. Stakeholders appreciate transparency. And don’t let fear of sharing hold you back. Collaboration is crucial for navigating a crisis effectively.

 

Security incidents are inevitable, but broken trust doesn’t have to be. Start building resilience today. Exercise your incident response strategies, strengthen relationships, and commit to a culture of transparency and collaboration.

 

 

 
