To explain to non-technical stakeholders, you need to first explain to them in simple layman terms about what is happening. This is so that they would be able to understand what is going on. You must also tell them about the causes of this breach. This is so that they would know how to avoid things that caused the breach. You should then explain to them what needs to be done in order to resolve the security breach. This is so that they would know what role they should play in order to resolve this issue.

1. Describe What Happened in Simple Terms Begin by clearly stating that a security incident has occurred. Use analogies if helpful. 2. Explain the Impact Detail what information or systems were affected and the potential implications. 3. Outline Immediate Actions Taken Reassure stakeholders by explaining the steps already implemented to contain and assess the breach 4. Provide Next Steps Inform them about the ongoing measures and what they can expect. 5. Offer Support and Resources Ensure stakeholders know where to turn for assistance. By maintaining transparency and using relatable language, you can effectively communicate the situation, build trust, and guide stakeholders through the response process.

Explain the Breach Like a Weather Forecast I explain a breach like I’d explain a storm. ✅ What hit: "We had an intrusion through X vector." ✅ Who’s affected: "Here’s what data might be exposed." ✅ What we’ve done: "Firewalls are up, audit trails are sealed." Transparency + analogies = trust. Stakeholders don’t need jargon, they need clarity.

The "What" is the least important thing. The core explanation needs to focus on remediation status, risk assessments, asset / data impacts and other tangible business things, not anything technical. The most "technical" explanation can be around the inevitable "how did this happen?" question.

A security breach is when someone unauthorized accessed our network. Imagine our network as a secured building, and this breach is like someone sneaking in without permission. We've identified this issue, and our team is working on closing the access points and securing sensitive areas. We're also investigating potential impacts and will keep you updated on measures to prevent future breaches, ensuring our "building" stays secure.