Public PR / comms response plan for executive scam
Demonstrate that the organization maintains a tested, documented public communications response plan specifically tailored to executive impersonation and scam scenarios, with defined roles, messaging templates, and activation procedures.
Description
What this control does
This control establishes a documented public relations and communications response plan specifically designed to address executive impersonation scams, including CEO fraud, Business Email Compromise (BEC), and deepfake impersonation. The plan defines roles, approval workflows, pre-approved messaging templates, stakeholder notification sequences, and coordination protocols between legal, communications, security, and executive teams. It ensures the organization can rapidly and consistently respond to public incidents where executives' identities are misused to defraud customers, partners, or employees, minimizing reputational damage and preventing cascading fraud.
Control objective
What auditing this proves
Demonstrate that the organization maintains a tested, documented public communications response plan specifically tailored to executive impersonation and scam scenarios, with defined roles, messaging templates, and activation procedures.
Associated risks
Risks this control addresses
- Delayed or inconsistent public response to executive impersonation scams amplifies reputational damage and erodes stakeholder trust
- Unauthorized or inaccurate public statements issued by untrained personnel increase legal liability or contradict regulatory obligations (for example, breach-notification requirements)
- Lack of pre-approved messaging templates causes executives to issue reactive, emotion-driven statements that escalate public relations crises
- Absence of coordination between legal, communications, and security teams results in conflicting narratives that undermine organizational credibility
- Failure to notify affected customers, partners, or vendors of executive impersonation enables attackers to continue exploiting the organization's brand for fraud
- Inadequate social media monitoring and response protocols allow fraudulent executive impersonation content to spread unchecked across public channels
- Unexercised response plans fail during actual incidents due to undefined escalation paths, outdated contact lists, or unfamiliar procedures
Testing procedure
How an auditor verifies this control
- Request and review the documented public relations response plan specific to executive impersonation and scam scenarios, including version history and approval records.
- Verify the plan identifies specific roles and responsibilities for legal counsel, corporate communications, security operations, executive management, and external PR agencies.
- Examine pre-approved messaging templates for multiple scenarios including CEO fraud, BEC, deepfake impersonation, and social media impersonation, confirming legal review and executive sign-off.
- Review documented escalation criteria and thresholds that trigger plan activation, including the volume of impersonation reports received from customers, partners, or employees, financial impact levels, and media coverage indicators.
- Inspect records of tabletop exercises or simulations conducted within the past 12 months, including participant lists, scenario descriptions, and lessons-learned documentation.
- Validate that the plan includes stakeholder notification matrices specifying communication timing, channels, and content for customers, partners, regulators, employees, and media.
- Assess integration points between the PR response plan and incident response, business continuity, and crisis management frameworks, confirming documented handoff procedures.
- Interview communications and security personnel to confirm familiarity with plan activation procedures, template locations, approval workflows, and contact escalation paths.
Where this control is tested