Strategies for public and internal communications in the wake of cyberattacks.
Cyberattacks on 9-1-1 centers are no longer rare events — they’re becoming an unfortunate reality. In a single breach, dispatch operations can be paralyzed and confidential personnel data exposed. Emergency communications centers (ECCs) must be prepared not only to respond technically but also to communicate clearly, calm public fear and protect the people behind the consoles — both from potential data exposure and the personal impact of the event.
As ECCs evolve into increasingly digital environments, they also become attractive targets for ransomware, phishing and system breaches. While strong technical defenses are essential, how we communicate during a cybersecurity incident can make or break public trust and impact staff safety and morale.
These attacks are deliberately designed to create chaos and confusion, disrupt services, and erode public trust. From ransomware that delays emergency response to phishing schemes that expose sensitive data, the stakes are high. In a profession built on trust, transparency and preparedness are essential to our approach to cyber readiness and crisis communication.
ECC cyberattack response plans should include how information will be shared with the public, ECC staff and other stakeholders. In addition to outlining how you will respond, identify who will be responsible for these communications during and after an active incident. Consider assigning several individuals who can work in tandem to support communication efforts in the hours, days and weeks that follow a cyber-related incident. While not formal response stages, many organizations and consultants recommend structuring communication into key phases, such as:
- The first 8 hours — initial internal and external messaging.
- 24-48 hours — follow-up details and clarification.
- Ongoing updates — as more information becomes available.
By developing a practical framework for navigating public transparency and employee protection during a cyber event, ECC leaders can help maintain public trust while protecting personnel and preserving operational continuity.
THE CASE FOR TRANSPARENCY
The public expects 9-1-1 to be reliable 24/7. In the event of a cyberattack, silence or vague statements can lead to panic, rumors or a loss of faith in emergency services. Without a plan there is much that can go wrong in the wake of a cyberattack, including:
- Loss of public trust due to silence or inconsistent messaging.
- Delayed emergency responses if alternate contact methods are not provided quickly.
- Staff confusion or misinformation from a lack of internal briefings.
- Legal exposure from compromised data, particularly if sensitive employee data is exposed.
- Operational breakdowns, especially during shift transitions.
However, oversharing technical details or prematurely assigning blame can worsen the situation. A strong communication plan offers honest, clear and timely updates. It emphasizes the steps taken to protect the public, mitigate damage and keep services running.
LEAD WITH CLARITY AND REASSURANCE
Whether a ransomware attack has slowed your CAD system or a phishing scam exposed sensitive data, community members will eventually find out. How they hear about it matters. ECCs should be ready to acknowledge the incident without speculation, focusing instead on the facts, the impact and the steps being taken. In the first 24 hours of a confirmed incident, issue a brief public statement that includes:
- What happened in non-technical terms.
- Whether 9-1-1 remains operational, or how to reach help if 9-1-1 lines are down.
- What the ECC is doing in response.
- Who is assisting (e.g., cybersecurity experts, law enforcement).
- A message of commitment to public safety.
For example, a public statement might read: “On [date], our emergency communications center experienced a cybersecurity incident impacting certain internal systems. 9-1-1 services remain fully operational. We are working with cybersecurity experts and law enforcement to investigate and resolve the issue. Ensuring continuity of emergency response is our top priority.”
PROVIDE UPDATES RESPONSIBLY
Update the public when new facts emerge, particularly if alternate emergency numbers are needed or if personal data may have been compromised. Coordinate with city or county public information officers to ensure a consistent, trusted message.
PROTECTING THE PEOPLE BEHIND THE CONSOLES
Before going public, brief employees on what is known and what is expected of them. Encourage questions but remind them not to post about the event on social media or speak to the press. Rather than wait until rumors spread, allow employees to voice their concerns and address the incident proactively.
In addition to ethical and operational responsibilities, there may also be legal implications when employee data is exposed during a cyber incident. Courts have increasingly allowed employees to pursue claims against employers for privacy violations and emotional distress when sensitive personal data was compromised in a breach.
Work with HR to ensure that privacy language is regularly updated in employee handbooks. Employees should understand their rights, be aware of potential risks, and know that the agency is committed to safeguarding their information. Transparent communication with employees is not only essential for building trust and organizational morale, it can also help reduce the employer’s legal exposure.
Cyber events can be unsettling, especially when tied to public safety operations. Make sure employees know how to access your organization’s employee assistance program (EAP) or peer support resources and stay alert for signs of stress or burnout. If personal data was affected, consider offering identity protection services, legal resources or individualized follow-up to help employees feel supported and reduce long-term harm.
PRE-INCIDENT PREPARATION TIPS
- Work with your agency’s PIO to develop media holding statements before you need them.
- Identify who will speak publicly — and ensure they’re trained.
- Establish relationships with agencies like the Cybersecurity & Infrastructure Agency (CISA) or your state’s cyber integration center.
- Include cyber events in your continuity of operations plan (COOP) and tabletop drills. Include manual workarounds for CAD, call routing and logging.
- Create message templates for different audiences (public, media, staff, elected officials).
- Designate a cyber liaison within your ECC to interface with IT and incident command.
- Store physical copies of contact trees and alternate dispatch procedures.
- Train regularly on spotting suspicious emails, incident response roles, secure password practices and reporting unusual activity.
REAL-WORLD EXAMPLES
In June 2024, several Southern California cities — including Culver City, El Segundo, Manhattan Beach, Hermosa Beach, Hawthorne and Gardena — were impacted by a ransomware attack attributed to the group DragonForce. The attack disrupted police and fire emergency dispatch services, highlighting how coordinated cyberthreats can target multiple jurisdictions simultaneously. Quick, coordinated public messaging and the use of alternate contact methods, such as non-emergency numbers, helped maintain service continuity and public trust.
In a state initiative, The Tennessee Emergency Communications Board partnered with Mission Critical Partners to assess cybersecurity risks across 100 emergency communications districts. As part of this effort, each center received a tailored report identifying vulnerabilities and outlining steps to strengthen technical defenses and communication protocols. The result Whether a ransomware attack has slowed your CAD system or a phishing scam exposed sensitive data, community members will eventually find out. How they hear about it matters. 27PSC | September/October 2025 was a statewide framework that emphasized coordinated messaging, staff training and clear response procedures — positioning ECCs to communicate effectively before, during and after a cyber incident.
At a local level, the San Jose Police Department’s Media Relations Unit exemplifies how thoughtful, agile communication can support transparency in moments of uncertainty. Sgt. Jorge Garibay, the department’s PIO, said that while speed matters, accuracy remains paramount:
“We recognize the importance of getting information out quickly — but not at the expense of accuracy. In a clear emergency, like a disruption to 9-1-1 or public safety systems, rapid communication becomes the top priority. We activate all available tools — social media, emergency alerts, direct media coordination — to ensure the public knows what’s happening and how to get help.”
Garibay emphasized the importance of flexibility over rigid templates, noting that each event is unique and demands an adaptive, informed response:
“We aim to be fast, clear and adaptable — not scripted. At the end of the day, our job is to inform, not alarm.”
He also highlighted forward-looking efforts, such as a zone-based public alert system to more precisely target communities during events like cyber disruptions or evacuations, demonstrating how strategic planning and transparency go hand in hand.
Like any critical incident, cyber events can shake the foundation of public safety communications. With preparation, strong leadership, clearly defined roles and messaging, and a focus on staff support, ECCs can manage them with resilience.
Cyber incidents are no longer a distant threat; they are an operational reality. ECCs that build communication readiness into their cyber strategies will not only navigate these challenges effectively but also strengthen trust with the public and their teams. In today’s environment, transparency is not a weakness; it is a fundamental aspect of credible leadership.
Jessica Schwarz is a Supervising Police Dispatcher with the San Jose Police Department, where she has served for 24 years. She is committed to strengthening emergency communications through transparent leadership, staff support and wellness-focused practices.
