You Should have a Contingency Plan for a Cyber Attack that Includes Your Website, Search, Digital Marketing, and Analytics

Matt Crowley - July 5, 2024

Many organizations have continuity plans and know how they will respond to a cyber-attack. However, we haven’t seen many that include digital marketing in those plans. If your organization receives a significant amount of traffic from search, social, and advertising efforts, do you have a plan for how to redirect that traffic immediately if your website is compromised?

Cyber-attacks continue to increase at an alarming rate. For example, let’s look at some concerning statistics related to an industry we all care about, healthcare. According to Chief Healthcare Executive, as of November 2023:

  • 77% of large breaches in 2023 came from cyberattacks
  • Over the past four years, there has been a 239% increase in the number of large breaches involving hacking
  • The average cost of healthcare data breach is $11 million

Now, that’s just the tip of the iceberg and healthcare is an industry that takes security and privacy extremely seriously. With all the evidence that cyberattacks continue to increase (in both their volume and impact), it stands to reason that there should be a solid plan for dealing with them. However, we’ve seen many organizations left flat-footed when it comes to their website being compromised due to a cyber-attack.

For anyone with responsibility over an organization’s website and/or digital marketing efforts, I strongly recommend that you ensure there is a contingency plan in place to address the website and your digital efforts in the event of a cyber attack that impacts your website.

Every continuity and contingency plan will need to be unique to each business, however, to get you started in the right direction, here are a few things you should consider as part of yours:

Ensure there are clear plans and assigned responsibilities for the following.

  1. Create and maintain a mirrored website that could replace the affected website and/or a separate dedicated domain to be used for communication in the event the main domain is taken down. If you’re going to use a separate dedicated domain for communication, for example, (let’s assume you work for Acme and your main domain is you could use
    1. This domain should be live and either indexed with general information about the purpose of the website (if you’re ok with it showing up in search results currently) or it should be noindexed with a plan of how to get it indexed quickly if/when required.
    2. Create a template pre-built to contain copy / content related to an incident that would be easily updated with the latest information as required. This should include all important SEO elements that are optimized towards the brand name like title tag, description tag, and H1.
    3. If desired to have analytics on the information domain, ensure there is either already tracking in place (if live and in use before an event) or a documented process for quickly launching analytics, for example:
      1. New GTM (Google Tag Manager) container with all required tags, triggers, and variables
      2. New GA4 (Google Analytics 4) property
      3. New GSC (Google Search Console) property
    4. During the incident (if the main domain is compromised), if possible (though it likely won’t be), implement a 302 (temporary) redirect from the main domain to the information domain. Once the issue is resolved, this redirect should be removed.
  2. If a new domain is used/launched, be sure to:
    1. Update links in all 3rd party channels (such as social media and Google My Business) to point to the new temporary information domain.
    2. Send an email to all relevant audiences with a link to the new domain.
      1. Ensure you have a plan in place for email distribution in the event that the email infrastructure currently in-use is impacted by the attack.
    3. Ensure you have a plan in place and mapping of all of the websites that need to be updated.
  3. Pause all digital advertising that sends traffic to any impacted domains.
  4. Have a pre-built digital advertising media plan (with budget allocation) for brand advertising to route people looking for information to the temporary information website. For example, to quickly launch ads targeting “Acme” and send those users to the correct domain.
  5. Have a plan in place (including tools) for monitoring and responding to a surge of social activity (comments, reviews, etc..).
  6. Have a plan in place for reverting all of the changes back to their original state once the issue is resolved.

I hope this encourages you to review your organization’s contingency plan and ensure that the website and digital marketing efforts are accounted for. If they’re not, I recommend developing a robust plan that accounts for all the efforts you are currently involved in. As the saying goes “it’s better to have it and not need it, than need it and not have it.”

© 2024 MoreVisibility. All rights reserved.