Blog

Mayors facing cyberattacks: what crisis communication to adopt?

7 October 2021

How do local authorities communicate in the face of cyberattacks?

Today, we offer you a paper on the crisis communication of a very particular local authority: the municipality.

The news continues to mention municipalities that have been victims of cyberattacks: Aulnoye-Aymeries at the end of 2020 in the North, Angers in January 2021, Rolle (Switzerland) in August 2021… The list of municipalities that have been victims of cyberattacks is long and growing. Once their information system is inoperative, an entire municipal life is at a standstill.

In this kind of situation, it is now common for the mayor to speak up to explain the situation to citizens.

However, this is not so simple, particularly because of the specificities of municipalities and cyberattacks.

How can mayors reconcile their mission or even their legal obligation to provide information with the confidentiality imposed by a cyberattack? What place can social networks occupy in these communications and with what pitfalls? Through the analysis of two recent crises (cyberattacks on the municipality of Mitry-Mory and the city of Douai), Alcyconie offers you some answers to these questions!

I- Between the need to communicate and the legal obligation

The municipality is a local authority on which public service missions are based. These missions, which are essential to our daily lives (creation of birth certificates and identity documents, collection of household waste, distribution of water, etc.) make any communication from the town hall expected by citizens, all the more so when these missions are interrupted.

While some experts will see this crisis communication as a way to appropriate the media space and not give free rein to its detractors, it will also have to be seen as a legal obligation.

This is also confirmed by case law, which admits that municipal information constitutes a public service [1]. In addition, it is specified that this is organised by the mayor, in his capacity as head of municipal services [2] .

As a result, we can therefore legitimately think that the crisis communication of municipal elected officials in the event of a cyberattack is obviously a recommended communication practice but also a legal constraint (municipal information being a public service).

The question is therefore no longer whether or not to communicate, but now about the content, the channels and the posture that will be adopted.

II- Between good will and the reality of practice

In times of crisis, it is generally accepted that the “empty chair” technique is to be avoided, but that regular, sincere and factual crisis communication makes it possible to reassure, inform and show its ecosystem that the victim organization is acting.

However, not all municipalities necessarily have predefined operational communication strategies, or even a communication team.

Add to this the complexity and technicality of cyber crises: this is the perfect cocktail for delaying communication or making communication errors that will later have to be justified.

Analysis of the cyberattack against the town hall of Mitry Mory, Seine-et-Marne

When the town hall of Mitry-Mory suffered a cyberattack on the weekend of 18 and 19 July 2020, the town hall assured, regarding the leak of potential personal data: “These are mainly personal notes for work, which are useful to us in the town hall” [3].

This was without counting on the attackers, who, subsequently, published the stolen data and therefore, at the same time, revealed that personal data was indeed impacted [4]. This is enough to weaken in a few minutes the communication strategy of the City Hall, which was intended to be reassuring and suggests that the situation is in no way under control.

The crisis communication of the city of Douai, a model of responsiveness

On the night of Thursday 8 to Friday 9 April 2021, it was the turn of the city of Douai to be under fire from a cyberattack. It was quickly reported on the City Hall’s social networks.

Indeed, just a few hours after the start of the crisis, the mayor, Frédéric Chéreau, intervened in a 5-minute video message, posted on the Facebook, Twitter and YouTube accounts of the Douai City Hall. He explains, very clearly:

  • the impacts of the cyberattack,
  • the decisions taken by the Town Hall regarding the resolution of the problem,
  • recommendations for users to contact the Town Hall or find out more.

In a second message, he specified that analyses are “still underway with the ANSSI to define the lost data and the people affected” [5]. Wanting to be reassuring, the mayor also specified that this data was not usable.

No additional information has appeared on the networks since then. Vigilance is therefore required for the municipality, especially if it turns out that the lost data ultimately poses a risk to the rights and freedoms of the people affected.

In short, municipalities must communicate to warn their citizens. However, communicating for the sake of communicating is useless. Each communication must be adapted and thought out beforehand through different typical scenarios in order not to omit or deny anything on D-Day.

While the desire to reassure is understandable, the risk of losing credibility by dismissing certain consequences too quickly must be taken into account – and communication must be adjusted accordingly with the necessary precautions. The messages must be built in consultation between the forensics teams, the communication and the legal department or even the entity’s DPO.

III- Between visibility and efficiency

The use of social media is no longer and should no longer be considered optional. They are, especially in the face of a cyber crisis, during which “classic” communication channels can be corrupted or even inoperative, an effective way to quickly reach a large audience.

Many elected officials have taken advantage of these digital channels and are fully integrating them into their communication strategy: this is the case of the Mayor of Douai mentioned above.

When the Douai town hall was the subject of a cyberattack, Frédéric Chéreau decided to communicate on different platforms. The people of Douai were then able to access a situation update in video format, on the YouTube platform but also an update on the municipality’s Facebook page.

So, why use social networks?

Because there are many social networks:

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • TikTok…

Because social networks reach a wide population:

  • All ages are concerned (example: on Facebook, the average age is 45 while on TikTok, the average age is 23 [6],
  • Anyone with a phone, tablet, or computer.

Because social networks are modular and fast media:

  • Various formats (videos, images, texts),
  • Almost instantaneous publication,
  • Interaction with citizens and answering questions.

Because social networks facilitate crisis communication:

  • A real relay of information,
  • Appropriation of the media space in a short time.

Because social networks generally remain operational even when the organization suffers a cyberattack. Completely dissociated from the organization’s IS, social networks are an effective and relevant alternative, unlike the victim organization’s messaging or its website, if it suffers a DDoS attack or falls under the weight of too many connections.

Communication must also be done via more traditional channels, it being understood that the digital divide is still significant in some territories and that digital cannot be considered as the only way to get information.

Resilience, performance, efficiency measures, etc.: social networks are therefore excellent communication vectors that are adapted to our ultra-connected society, and some municipalities have understood this.

However, this digitalization approach must be increased. Indeed, this will ultimately make it possible to meet this obligation to inform the population in the event of a crisis, whether cyber or of another nature.

Our advice

  • Upstream, strengthen your social networks (followers, relays, etc.)
  • Secure your social networks with a two-factor authentication and regular password changes
  • In crisis, quickly take over social networks and position yourself as a source of information
  • Measure the effectiveness of the messages communicated: are they seen? Are they understood?

Make regular situation updates: tweet, thread, infographics…

Are you a local authority and would like to be trained in crisis communication? Alcyconie supports you in this process!

Contact us!

[1] Administrative Court of Amiens, 31 October 1978, AJDA, 1979 n°11.

[2] Administrative Court of Amiens, 31 October 1978, AJDA, 1979 n°11.

[3] Ouest France | Seine-et-Marne. “Massive” cyberattack at the town hall of Mitry-Mory, hackers demand a ransom

[4] The MagIT | Ransomware: the failures of crisis communication

[5] France Bleu | After the hacking of the Douai town hall, stolen personal data of residents?

[6] Business Insider France | The 10 most used social networks in France in 2020

Information systems security (PACS) support and consulting provider qualified by the ANSSI.

Dive into our case studies

See the case studies

Contact us

Want to know more? To be contacted again? Click here!

See the training

Our news

Alcyconie in the press

View All

Read the article

Resilience in the era of AI: the delicate art of balance - Maddyness
Press

Resilience in the era of AI: the delicate art of balance - Maddyness

4 December 2025

Read the article

When cognitive psychology sheds light on cyber crisis management
Blog

When cognitive psychology sheds light on cyber crisis management

6 November 2025

Read the article

Ransomware, Confusion, and Critical Decisions: A Cyber Crisis Simulation Autopsy - Alliancy
Press

Ransomware, Confusion, and Critical Decisions: A Cyber Crisis Simulation Autopsy - Alliancy

1 September 2025

Suspicion of crisis? Alert our teams!