We live in a digital age where we have to be aware of the many cyber risks that surround us. We have to be prepared for when our cyber security systems fail to protect us – because they will fail from time to time. In 2011, the personal information and credit card information of 77 million online users of Sony’s PlayStation were hacked. LinkedIn had 6.5 million encrypted passwords published on a Russian webpage where the hacker asked for help to crack the codes. These are large-scale examples but cyber risks are nonetheless issues that companies have to be prepared for. Because if a cyber-attack happens, the company leaders will be perceived as incompetent and unable to control their businesses, regardless of the fact that the company is the victim of a crime.
Crisis communications is not something that only PR agencies should know about, but we argue that no MBA (and management in general) or Marketing qualification should be awarded without containing some basic knowledge in terms of managing PR crises.
Prepare for the crisis
So how can the company deal with the risks of cyber-attacks? Being prepared to handle a crisis goes a long way.
- Know your weaknesses – Know what might go wrong and what the consequences will be if it does. This should not be considered lightly and company employees might bring interesting arguments on the table, should they be consulted.
- Introduce issues management to the company – Issues management is about forestalling future events in order to protect the most precious part of a company: Its reputation. Issues management is a matter for the company’s board of directors, just as risk management is.
- Practice your crisis communication and train your media skills – Having top management undertake media training and be put under pressure by journalists in a safe environment is the best way to practice for a real-life situation.
Being aware of the company’s weaknesses, introducing issues management to the board of directors and practicing communication and media skills will keep the company prepared for when the crisis hits.
Dealing with the crisis
When the media gets involved, the issue becomes a crisis. A company in crisis, e.g. due to a cyber-attack, has to be aware of three central elements:
- Recognition – This is about realising that the company is in fact facing a crisis. To be able to realise that yes, it can and it does happen to us.
- Speed – When the crisis hits, getting the word out is extremely important. It must never seem as if the company tries to hide information.
- Opinions – Know your opinion. If the consequences of a crisis on stakeholders such as clients, employees, shareholders etc. have not been thought through, knowing what to say to the public and the media is almost impossible.
Recognising when the company is in crisis, getting the information out there and knowing what to say to the press are the fundamental rules in all crisis communication. Because if the communication is not handled well, the company will suddenly find itself in a double crisis, where both the original cause of the crisis, such as a cyber-attack, and the company’s handling of the situation will be news to the press.
An old quote goes like this: “A piece of news is something that someone does not want out in the open. Everything else is advertising.”
Know what to say and say it quickly. That will save a company in crisis for a lot of trouble.
Author: Sara Vibroe Løppenthin Stendevad
GlobalCom partner Jøp, Ove & Myrthu CPH P/S, Denmark