Every time an organization suffers a serious cyberattack, the same pattern repeats itself with disturbing precision. Systems go down, access is blocked, technical teams are locked in crisis rooms… and, suddenly, the company discovers a vulnerability that rarely appears in risk reports: it cannot communicate internally.
It’s not just a minor technological problem. It is a governance failure in many companies where internal communication depends entirely on the same systems that a potential attacker will seek to disable first: corporate email, messaging integrated into office suites, intranets, centralized directories. When those systems are compromised (or simply shut down as a precaution), the organization loses something essential: the ability to coordinate, decide, and execute under pressure.
It’s not a question of “if,” but of “when.”
Many boards of directors continue to approach cybersecurity from a probabilistic logic (is it likely to happen to us?) and have implemented a proactive prevention policy with protocols that cover all their digital sides to prevent possible incidents. Although these measures are necessary, cybercrime is still on the rise and companies cannot ignore the real possibility of a successful attack.
The statistics speak very clear language: during the month of October 2025, organizations in Spain suffered an average of 1,932 cyber attacks per week, that is, about 11.5 attacks per hour, nights and weekends included.. It is 6% more than in 2024. Given this scenario, the question to be asked would be: what will happen if – despite all the measures implemented – a cyber attack paralyzes computer systems?
During a cyberattack, the crisis committee, the IT team, the legal department, corporate communications, senior management and key suppliers must be coordinated. The situation requires a communication tool that meets three basic conditions: independence, security and immediate availability.
Otherwise, critical decisions are delayed, fragmented, or made blindly. The teams improvise with unauthorized tools, personal phones or applications designed for private use and without security guarantees. The result is a paradox with a dangerous slope: in the name of urgency, the risk surface expands. From the perspective of a CEO or CIO, it is vital to understand that, during a cyberattack, communication is not simply a support for the business: It is the business.
Requirements to maintain operation
During a cyberattack, IT systems and usual communication channels (email, collaborative tools, etc.) will likely be unavailable. Although not all companies that are victims of a cyberattack will suffer devastating consequences, all will experience incidents that will test their operational resilience.
The difference between a controlled crisis and a reputational collapse will not only be in the robustness of firewalls or backups, but also in the ability of leadership to communicate quickly and securely. European legislation goes in that direction. The NIS2 framework requires critical sectors (such as healthcare or public administration) to have an independent communication channel to maintain operation outside of compromised IT infrastructures.
Cyber resilience means being able to defend yourself in degraded digital environments and continue operating without having to paralyze entire areas of the business. In turn, it implies being able to convene and keep a crisis committee operational, share verified instructions without risk, avoid accidental leaks and maintain the traceability of the decisions made. In this context, it would be a mistake to trust collaborative platforms that depend on centralized corporate identities. The recent past has shown that attackers not only access data, but also intercept conversations, strategies, and even the internal narrative of the incident.
Secure communication as an element of governance
With attacks becoming more frequent and sophisticated, complying with the legislative framework means doing everything possible to avoid a crisis, but also being prepared to face it. Cybersecurity is no longer just a technical issue: it is a governance issue. Involves senior management and the board of directors. And it requires ensuring that the organization has the right tools to stay afloat when all else fails.
Some organizations resort to physical emergency systems; others opt for certified tools for critical sectors. The key is that the channel does not depend on compromised infrastructure. Establishing it ahead of time is an invaluable lifesaver when the storm hits.
By Miguel Rodríguez, CRO and board member of Threema
