Business magnate Warren Buffet once said: "It takes 20 years to build a reputation and five minutes to ruin it." Now, years on from that memorable statement, it would take much less than five minutes in our 'always on' world to suffer reputational damage.
We are unable to open the newspapers or turn on the television today without bearing witness to the latest victim of a cyberattack. One recent example is the hacking of American TV giant HBO whose money-spinning series Game of Thrones was leaked around the world.
The threat is certainly growing: a recent report revealed that cyberattacks rose by a quarter in Q2 2017. In a world overwhelmed by social media, news of such a disaster can go international in the time it takes to say "cyber breach." And the potential fall-out of a crisis? Damage to your business' reputation, negative effects on share price and a detrimental impact on staff morale.
Whether it's a data breach or a natural disaster that takes place (consider the 2017 hurricane season in the US) organizations must be in the position to communicate information instantaneously and precisely to all parties affected – customers, partners, vendors and staff. However, by their nature, crises are unique, unpredictable, and can go far beyond any eventuality you've planned for. So, how can organizations ensure they're prepared to respond in the most effective way possible?
There are two types of communication that are needed to support a crisis management program. Both require sufficient preparation to ensure a swift and appropriate response in times of crisis, and that those impacted are kept in the loop by business leaders – not a random social media post.
These should be the cornerstone of any good crisis management program and are crucial to avoid wasting time deliberating on what to say as the crisis unfolds. But how do you go about developing them?
Organizations need to dedicate time to identifying potential scenarios, developing the appropriate messaging templates and selecting appropriate communications channels for each situation. We recommend carrying out a comprehensive stakeholder analysis to identify the parties who will need to be informed as a priority, and agreeing what they need to know. Constructing and clearing provisional statements in advance will place your business in a much stronger position to respond quickly and accurately.
Tailored responses are unique to a particular crisis. While it is not possible to prepare for every single crisis outcome, this does not justify neglecting foresight, groundwork or planning. As someone, somewhere once said: "The only thing harder than planning for an emergency is explaining why you didn't."
Carrying out simulation exercises to educate and train crisis teams, familiarizing the team with possible outcomes, and uncovering opportunities and gaps in their program will help them develop a readiness mentality. As a result, they can be in a much stronger position to manage threats.
It's crucial to enlist a crisis communications team that is led from the board and embedded into your business for a sound understanding of the risks and threats posed to the organization.
However, in a crisis, the onus is not just on the defined crisis communications team. Senior management will need to be media-trained to respond to untoward situations to reduce brand damage, keep staff feeling focused and motivated and to engender confidence among stakeholders. They will be a vital conduit to creating market goodwill while the business establishes the nature and scope of the threat, reinstates or bolsters systems or operational integrity, and addresses any customer impacts.
And, when crafting your communications, it is worth remembering that, as Winston Scott, Director of Florida Space Port so pithily noted, "At the onset of an emergency, everyone's IQ goes immediately to '0'".
Weathering a crisis will depend entirely on your organization's ability to arm itself and remain level-headed when the time comes. Businesses who deliver well-considered communications in the event of a cyber-attack will be the ones to demonstrate foresight and agility—repositioning themselves as a stronger and more resilient force.
To find out how Sungard AS Consulting Services can assist your organization, speak to your account manager or email firstname.lastname@example.org
About the author: Chris Butler, Principal Consultant, Cyber Resilience and Security, Sungard Availability Services
As principal consultant for cyber resilience and security at Sungard AS, Chris Butler leads the development of services that integrate traditional information security products within a wider framework of organisational and cyber resilience.
Following a 20-year Army career in aviation, security and counter-terrorism, Chris moved into consulting. Initially with a large oil/gas firm helping major projects to close out and learn from experience, then into the nuclear sector. Working in security and resilience, Chris provided expert consultancy covering crisis, emergency and incident management; policies and plans for preparedness and response. He has further experience in strategy execution consultancy, including programme and risk management, and executive coaching in the legal, financial and health/nutrition sectors.