The other consideration is how you communicate to the different audiences. The details and information shared with senior management may be different to that shared with staff, which in turn will different from the details and message communicated to customers, the media, and the general public.
The mediums as to how you communicate during and after the incident is also important. Traditional media outlets may not be enough to consider, other channels such as social media, blogs, and websites should be included in your crisis communications plan. In a case like Jamie Oliver who has a large social media presence timely updates via this social media channels could inform visitors to his site of the compromises and the steps they should take to ensure their PCs were not infected.
There is no such thing as 100% security and at some stage your organisation will suffer a security breach. How your organisation handles the breach and communicates during it will probably have a longer impact than the actual breach itself.
Sign up for CIO Asia eNewsletters.