What to do when it happens
Who needs to be notified in the event of a cyber attack, what about the technology, and how do you communicate all this? The RESI guide helps you respond more quickly in IT crises.
The RESI cyber resilience framework, which supports local authorities in managing IT crises, was presented at the Smart Country Convention 2025. Photo: Messe Berlin
What is usually lacking in crisis situations is calmness and a clear head. How good it is when you can follow specific points and information. That was the initial idea behind the "Cyber Resilience Framework. Acting faster in IT crises", or RESI for short, which was developed jointly by members of the Dialogue for Cybersecurity. It is intended to provide local authorities with practical assistance in acute cases of IT security crises.
‘We looked at many guidelines, took the most important points from them and condensed them. We developed what was missing ourselves and also conducted interviews with local authorities and IT service providers about what they need in crises,’ explained Esther Kern, research assistant at the Brandenburg Institute for Society & Security and co-author of RESI. There was a great desire for standards and clear guidelines – what do I do when, what is the next step, who do I need to notify in terms of reporting requirements, and how do I communicate internally and externally – said Kern.
RESI now describes the fictional scenario of a ransomware attack on a local authority as a blueprint that guides those responsible for IT crisis management and takes them through the necessary steps. This includes emergency templates and checklists with links to immediate measures for internal organisation and IT, as well as guidelines for crisis communication.
Well managed, poorly communicated
Janka Kreißl, partner at Dunkelblau, a consultancy specialising in crisis management and communication, emphasised how crucial this is: "The right communication can determine whether a disruption remains just that or whether a crisis leads to a massive loss of trust. Many crises are well managed but poorly communicated – and unfortunately, the result is not the best."
The RESI guide to crisis communication in the event of cyber attacks contains many practical examples from local government practice and covers the most important points, from disappointed expectations to plans and measures for external and internal communication to the tasks of those responsible for communication. ‘It is a treasure trove of templates for all stakeholders for all stages of a crisis situation. Take it, put it where you can find it again. This conveys a sense of security in the first hours and days,’ said Kreißl.
A pre-established crisis team and emergency contact lists, including for weekends and after hours, are also helpful. Being prepared does no harm in a crisis, emphasised the RESI creators. On the contrary.