It’s no surprise that cyber attacks can be hugely damaging for a business in various different ways, one particularly (and potentially fatal) strike being to a brand’s reputation.
With much of the way people interact with businesses now being online, strong cybersecurity has become an integral component in fostering trust amongst consumers. But what happens when that trust is broken?
With cyber-attacks on the rise amidst the global pandemic and this new era of hybrid working, how can businesses prepare for the worst and and preserve their brand’s reputation?
91探花 has gathered advice from a number of experienced PR professionals on how to do exactly that, and the importance of having a plan in place before an attack occurs…
Our PR Experts:
- Pearl M. Kasirye – Head of Public Relations at Pearl Lemon Official
- Rana Audah听– PR, Content and Digital Marketing Consultant
- Xanthe Vaughan Williams – Co-Founder of PR Agency Fourth Day
- Mary Glazkova听– Founder and CEO of This is Fine PR
- David Clare – Head of PR at Fox Agency
- Gareth Thomas – Managing Director, UK, of PAN Communications
- Georgia Christley – Account Manager at Carnsight Communications
- Simon Moss – Director of Element Communications
- Alice Jiga – Account Manager at Moonlight IQ
- Andrew Skinner-Shah – Co-Founder of Nara Communications
- Nicola Finn – Head of PR at Oggadoon
- Yvonne Eskenzi – Director of Ouvert Comms
- Nick Braund – Founder of Words + Pixels
- Jennifer Reid – Director at CommsCo
- Jules Herd – Managing Director of Five in a Boat
- Sarah Alonze – Head of Enterprise IT at Red Lorry Yellow Lorry
- Martyn Gettings – Head of PR at Tank
- Claire Simpson – Senior Communications Consultant at Hard Numbers
- Francesca Baker – Communications Specialist, Copywriter, Marketer and PR
- Carla Williams Johnson – Media Marketing Specialist at Carli Communications
For any questions, comments or features,听please contact us directly.
Pearl M. Kasirye, Head of Public Relations at Pearl Lemon Official
“Reputation management is an essential element of public relations for all companies. This is especially true for tech agencies that hold sensitive data. If there is a cyber attack that compromises the privacy of your clients, it’s important to remedy the situation asap.”
“1. Fix the cyber security issue, be transparent about what caused it and what is being done to ensure it never happens again.”
“2. Have a customer service rep individually contact clients to fully understand their frustrations and the scope of their frustrations. (This is important because it shows that the brand isn’t just trying to protect its image but actually cares about the customers’ experiences).”
“3. Write public statements to reassure people about the steps being taken to avoid future cyber attacks.”
“Notice that it’s not just about releasing statements, brand reputation is about what happens internally. When the clients are happy – then you don’t have to worry about your reputation going under.”
Rana Audah,听PR, Content and Digital Marketing Consultant
“Cyber attacks and data breaches as a result of human error are increasingly commonplace. The current climate is arguably a perfect recipe for more frequent incidents. Following a breach, a speedy response from brands is key to regaining the public’s confidence. Accountability and transparency are critical at this stage.”
“Brands should explain openly what has happened and why, how much information has been leaked, and what the brand is proactively doing in terms of damage limitation for those affected.”
“Communicating directly with those impacted, and more widely through the media, and owned channels, demonstrates that the brand recognises that it has made a mistake – either in terms of inadequate cybersecurity or poor internal data protection processes – however, it cares and is taking swift steps to prevent a recurrence.”
“Openly communicating soon after an incident, and with an appropriate level of regularity thereafter, will help to limit reputational damage and should be considered an opportunity to deepen the relationship between the brand and its audience.”
For any questions, comments or features,听please contact us directly.
Xanthe Vaughan Williams,听Co-Founder of PR Agency Fourth Day
Don’t pretend it hasn’t happened
“You are probably panicking and confused, but it is important to put out a statement explaining that you are taking it seriously and finding out what has been breached so that you can fix the problem. Don’t speculate either!”
Once you do know what the problem is, say what you are doing to fix it
“At this point you can apologise if you need to and decide what remedial action needs to be taken. It’s really important to be clear about how you’re fixing it as the big questions being asked will be “how did this happen?” and “how do I know it won’t happen again?”
If you can, try and take control of the story
“If you’ve suffered a particular kind of attack, try and lead a campaign to protect other organisations – as well as your own – from it in future. If it’s completely your own fault, tell everyone how your company culture/security systems will change.”
And finally, throughout the crisis, don’t forget to keep your own teams in the loop
“It’s too easy to think only of your external audiences at a time like this. Your own people will need support and reassurance more than most – particularly if they are also being bombarded with queries.”
Mary Glazkova,听Founder and CEO of This is Fine PR
“If a company collects and stores data, a data breach is always a distinct possibility. In other words, there is no “what if the crisis comes”, there is “when the crisis comes”. So you have to be prepared. The first step in expeditiously handling any threat or incident is to have an anti-crisis PR plan in place. It must include statements about:”
- “what has happen;
- what you’ve done to handle it;
- what you’ve done or will do shortly to better protect and prevent situations like this.”
“The statements should correspond to your business activities and the truth. Do not over-declare. You reputation is already at stake.”
“The information should be communicated to all the parties inside 鈥 BOD, employees, and outside the company 鈥 customers, partners, investors, etc.”
For any questions, comments or features,听please contact us directly.
David Clare,听Head of PR at Fox Agency
“Be open and honest. Tell your customers what happened, how you are fixing it (or have fixed it), and what processes you are putting in place to prevent future attacks.”
“I’d suggest you focus on communicating to customers first and foremost, but have your team reach out to a high profile media outlet in tandem. Give them an interview as soon as possible, informing your customers and providing a consistent explanation that remains open and transparent. You can be sure that a high profile exclusive interview with the right media will be reported on by other outlets, allowing you time to focus on what matters most – the security fix and your customers.”
Gareth Thomas,听Managing Director, UK, of PAN Communications
“Firms are better prepared for attacks, but often overlook the recovery phase.”
鈥淣ot long ago, a cyberattack typically triggered a state of panic and confusion, followed by a scramble to pay hush money to the perpetrators, and then a (usually botched) attempt to bury the issue (鈥楳ove along, there鈥檚 nothing to see here鈥︹).”
“Thankfully, a combination of new regulatory requirements and better comms advice means most organisations now understand the need for transparency, honesty, and accuracy.”
“They have an issues response plan ready to activate, including a crisis classification system, stakeholder maps, decision trees, holding statements, and a defined Issues Response Group which allows the right experts to be assembled quickly.”
“Most know that taking ownership and apologising early is essential (yes, we know you didn鈥檛 do this on purpose, but who else takes responsibility, if not you?!).”
“This is progress. Many studies have shown people – especially younger demographics – are less likely to trust brands following a cyberattack, and this can directly impact sales. This trust usually recovers eventually, but how the incident is handled determines whether this takes weeks, months or even years.”
“But an area still mostly overlooked is how to talk about the attack once the immediate issue has been 鈥榬esolved鈥.”
“This is perhaps understandable: after the shame/embarrassment/stress/long hours of a hack, you can see why it鈥檚 tempting to never want to speak of it again.”
“I鈥檝e often seen companies make clumsy attempts to simply divert people鈥檚 attention by rushing through a new, big and shiny announcement.”
“This is counterproductive. To rebuild trust, it鈥檚 critical that you return to the issue proactively and show how you鈥檝e learned and improved.”
“That 鈥榰rgent review of your security operations鈥 you promised the day of the attack: did it actually happen? The 鈥榮teps you are putting in place to ensure your customers don鈥檛 suffer in future鈥 鈥 what are they and are they working?”
“Managing the heat of the moment is important. Being brave enough to reopen the old wound and explain how you鈥檝e actually improved will go a long way to rebuilding trust and loyalty in your brand more quickly.鈥
For any questions, comments or features,听please contact us directly.
Georgia Christley,听Account Manager at Carnsight Communications
“We can all try our hardest to aim to prevent a cyber-attack by following best practices in our business strategies, but we can鈥檛 always avoid these attacks, bad things can happen to even the most prepared businesses. But they aren鈥檛 necessarily the end of a business. In many cases, a data breach can be an inflection point, with companies learning from the experience and coming back even stronger.”
“To help manage and mitigate these risks, it is critical to formulate a plan and be prepared.”
“1. Assess the risks and understand the risks to your brand and reputation from a cyber-attack.”
“2. Put together a 鈥榙ata breach response plan鈥 for handling a cyber-attack, when writing this keep in mind any questions that you may be asked by your customers and make sure to include a breach response team. Be transparent and timely – It is important to ensure rapid communication and response to breaches – A good rule of thumb is having a 24-48 hour response plan 鈥 especially if personal data was breached.”
“3. When building your 鈥榙ata breach response plan鈥 keep in mind the following鈥”
“If a cyber-attack does occur:
- What steps will the company take?
- Who will be available to handle the additional workload and provide the knowledge to get the situation resolved?
- Who will you need to notify alongside authorities, media and customers?
- What action is the business taking to help the affected people and how can you ensure information is sent to customers safely to reassure them all will be handled?”
“4. Ensure to keep a note of which specific data was breached and what steps can be taken to ensure this doesn鈥檛 happen again.”
Simon Moss,听Director of Element Communications
“The impact of a cyberattack cannot simply be measured in pounds or dollars, but in the reputational damage it inflicts upon an organisation.”
“We are proud to represent a number of cyber security firms and are well aware of the need to not only build the right defences but react in the right way too. The same is true of public relations.”
“Unfortunately, it鈥檚 now no longer a case of 鈥榠f鈥 your company will be attacked, but 鈥榳hen.鈥 This inevitably leads to a tarnished brand image and a loss of trust in the brand, unless it鈥檚 properly handled.”
“Speed, transparency and honesty are your top three priorities when an attack happens. Immediately announce the attack to control the narrative (rather than letting the media run wild). Take full responsibility, be apologetic and sincere, and reassure stakeholders that you鈥檙e dealing with the problem.”
“Publicly disclose the strategy you have of dealing with the cyberattack and respond to all queries quickly and effectively.”
“If the attack has compromised consumer data or networks, offer help or compensation. You may be reluctant to spend money when the cyberattack itself may well cost a lot, but instead look at it as an essential cost; you will lose a lot more in the long term if the public decides you鈥檙e an unfair, untrustworthy company.”
“By putting an actionable plan in place and staying in control, your company can avoid a PR disaster, and potentially even profit from it. In a world where cyberattacks are inevitable, effectively handling them when they occur may cause your customers to trust you more than ever.”
For any questions, comments or features,听please contact us directly.
Alice Jiga, Account Manager at Moonlight IQ
“Cyberattacks are one of the biggest threats businesses and individuals face. It鈥檚 estimated that cybercrime currently costs the global economy over $1 trillion; Ransomware attacks have increased dramatically. In an ideal world, every company already has a cyber risk and reputational management strategy in place that is evaluated continuously and adjusted to both internal and external developments, technological or otherwise. From a PR or brand value perspective the effects can be at least as costly as the initial attack, the cost of technical recovery and ongoing defences. The market and your customers in particular can be very fickle, and any loss of brand value hits the bottom-line hard.”
“Once a cyberattack happens, the company鈥檚 first step should be to address the issue, protect and recover the situation. A detailed investigation is obvious, but you need to retain the confidence of current and potential customers and your staff. If your clients have been affected in any way 鈥 even if they just think they might be affected 鈥 you must communicate with them, honestly and openly, reassuring them, if possible. While cyberattacks happen, trying to hide and hope the news goes away could do more damage to your reputation than the attack itself.”
“The second stage is to re-evaluate your company鈥檚 security and data practices. Be open about the transformation you are undergoing and your plans for future prevention and discuss these with stakeholders. The key is to be transparent in what you鈥檙e doing to mitigate this risk in the future.”
“This approach to managing your reputation is honest, transparent and has as final goal turning a critical incident into a success story. Learning from your mistakes and becoming a leader in managing cyber risk is a story most people would like to hear and learn from.”
More from Guides
- 15 Tips to Build an Inclusive Recruitment Process
- Are Psychedelics the Next Frontier in Mental Health Treatment?
- What Are Plug-In Solar Panels And How Do They Work?
- Top Biotech Companies to Watch
- What Is Data Sovereignty?
- 10 Amazing Features Of A Smart Stadium
- How Tech Startups Are Solving Water Scarcity
- Top Alternatives To Booking.com For Accommodation And Travel
Andrew Skinner-Shah,听Co-Founder of Nara Communications
“To start with, any founder, regardless of how small their company is, should be aware that they could be the victim of a cyber attack. Ignorance isn鈥檛 bliss, it鈥檚 at best a future headache, at worst a potential death warrant for your company.”
“The reason this mindset is important is that if an attack does occur, you have a small window, during which it can feel like the world is burning, to make tricky decisions and act. By preparing in advance – for example deciding on the necessary, standard communications steps – you鈥檒l not only save time if an attack does occur, you鈥檒l also reduce the number of big decisions required in the stressful heat of the moment.”
“The most crucial communications principle is transparency. Don鈥檛 try and cover things up or mask details because, beyond the fact it鈥檒l breach GDPR or state laws, the truth will eventually get out. Any subterfuge could end up being an even more damning press story. Your customers will appreciate and respect your honesty.”
“Take the time to understand what鈥檚 happened by consulting with your IT team or external specialists, because you won鈥檛 be able to explain accurately if you鈥檙e guessing. Then, communicate clearly internally (employees, PR agencies etc.) and externally (clients, customers etc.). For the latter, draft a very carefully written statement – lawyers are useful here, and also ask for input from your IT specialists. This should accept responsibility and explain, in layman鈥檚 terms, what鈥檚 happened, and what you have done/are doing. Send this to your customers, and issue on social channels.”
“Journalists may or may not start to reach out to you for further comment. If they do, point them in the direction of your statement, and if they have additional questions, answer these offline, again with inputs from lawyers and IT specialists, rather than on a Zoom or phone call. This isn鈥檛 stonewalling, rather a safer way to convey potentially very technical information accurately.”
For any questions, comments or features,听please contact us directly.
Nicola Finn,听Head of PR at Oggadoon
Have a sense of urgency, but don鈥檛 panic!
“There has been an attack; don鈥檛 panic, think about the key crisis communication steps. As Sudhakar Ramakrishna, CEO SolarWinds stated from his experience of leading an organisation through a crisis, 鈥淚t is one of those hair on fire situations where you don’t act like that, you don’t run down helter-skelter, you just kind of go step by step.鈥
Prioritise Your Stakeholders
“As news of your breach details hit the news platforms, expected or a surprise, your instant PR tactical reaction might be to drown out the bad press by trying to reset the misplaced perceptions, highlighting you鈥檙e the victim, trying to shift those negative brand mentions and coverage. However, customers, partners, employees and your supply chain are the priority. Your resources must be geared to your customers.”
Transparent Communications
“Transparency is the foundation of trust, as it creates empathy from employees, clients and partners. Ensure that you have a good understanding of the situation and share the facts as you know them – who, what, why, when and where. Create a continuous two-way conversation as you learn the details and the plan to resolve the situation. You can deal with the early breech press later in your wrap-up.”
Responsibility, Communication & Opportunity
“As any business can be the victim of a cyber attack, you will need to develop a PR strategy before your vulnerabilities become your downfall. There are three key actions in crisis management. Firstly, accept your responsibility and work to address the problem. Secondly, communicate with urgency and effectively with stakeholders, establishing a two-way dialogue. Finally, share what you learned during the different stages of the breach scenario. You can not only become a better individual and organisation but also share this with the cyber community, creating a collaborative community vigil to combat the threat actors. This is where you revisit the negative press at the start of the process.”
“Yes, your share price may well take a dip immediately after the breach, but by keeping a cool head to understand the situation, including how to address the problem and communicate about it, then you will strengthen both your reputation and your brand. To discuss cyber security crisis management or general marketing and promotion please get in touch with OggaDoon.”
Yvonne Eskenzi,听Director of Ouvert Comms
“Today, cyber-attacks are the biggest threat businesses face and they are no longer just a technical nuisance. They affect jobs, impact share price, damage reputation and customer trust and can even affect the very survival of a business.”
“But, planning crisis communications before a data breach or cyber-attack actually happens can help restore a business much quicker, with minimal reputational and brand damage.”
“Left unmanaged, a cyber crisis can swiftly destroy an organisation鈥檚 brand and reputation with little chance of recovery. A hastily released statement that fails to provide stakeholders with the information they need, or comes across as self-serving and insincere, can destroy years of work already spent to build the trust of customers.”
“Having a prepared and well-practised incident response plan in place, so an organisation and its employees know how to respond to attacks, is essential. Preparing a communication response plan for the event of a cybersecurity incident is no longer an excess of zeal, but a necessity for any company that wishes to minimise the damage of such an occurrence.”
For any questions, comments or features,听please contact us directly.
Nick Braund,听Founder of Words + Pixels
鈥淭he first step in protecting a brand and reputation after a cyberattack is to prepare. If your data is breached or your servers are hacked and you don鈥檛 have a reactive media plan, it鈥檚 too late.”
鈥淩esearch has identified that a cyberattack occurs almost twice a minute, every minute. If your business utilises tech or data in any way, a robust plan based on your owned data and the implications of exposure is essential.”
鈥淰itally, communication needs to be clear, concise and quick. Information travels thousands of miles in a split second online. Waiting until you鈥檝e fully assessed a situation will leave your stakeholders with countless difficult questions about your business鈥 security.”
鈥淧re-drafted statements from a single voice, typically the CEO or tech/security lead should be crafted in collaboration with the comms lead, key internal stakeholders and your legal counsel. As we鈥檝e seen from hacks such as Ashley Maddison, the information which can be disseminated against your will may have a hugely significant impact on individuals, companies or society at large; whether financial, emotional or otherwise.”
鈥淭aking ownership of the narrative, instead of others filling your void is a must. Any spokesperson must strike a key balance of compassionate, firm and accountable. Depending on the situation, a response needs to be swift outlining how the business is in control of the current situation and share needed information for affected parties.鈥
Jennifer Reid, Director at CommsCo
“For a long time, the stigma associated with cyber attacks put many organisations off reporting them, but with the rules introduced surrounding GDPR regulation, organisations are now under obligation to make breaches public. In a way, it鈥檚 done the world a favour in removing the stigma 鈥 attacks are no longer a matter of 鈥榠f鈥 but 鈥榳hen.鈥”
“Preparation is paramount: organisations must ensure they have in place good network recording devices in order to get their hands on the definitive evidence they need to understand what happened. After that, it鈥檚 a classic case of disaster recovery PR: admit the breach or attack, report it under GDPR regulations, and then explain, with 100% transparency to all key stakeholders what was compromised and what will happen to solve the compromise and ensure adequate procedures are in place to prevent it from happening again.”
“It’s also essential to ensure you鈥檝e got the right PR engine in place to deliver the news in the most meaningful and least detrimental way possible, and according to regulation: the moment businesses realise they鈥檝e succumbed to a cyber attack is not the time you want to be going out to agencies to ask them to pitch.”
For any questions, comments or features,听please contact us directly.
Jules Herd,听Managing Director of Five in a Boat
鈥淎voiding a cyber-attack is impossible, at some point it will happen to every organisation. The key is in preparing for it, ensuring that you have a robust crisis management plan in place before the attack happens which you can then execute once it happens.”
“Trying to manage a cyber attack without a plan in place is like shutting stable the door after the horse has bolted. Unfortunately, many companies are not prepared which is when the sh*t really hits the fan. In this instance these are the measures that companies need to take:”
“1. Don鈥檛 panic either internally or externally 鈥 the last thing you want is an employee or a customer recognising your panic as it will inevitably have a knock on effect.”
“2. Get all teams internally on the same page as quickly as possible in regarding agreeing the right approach in addressing the issue.”
“3. Follow the correct protocols in terms of who needs to be informed. Depending on the type of organisation, this could range from governments to individuals to partners.”
“4. Be as transparent as possible and don鈥檛 leave it days before any communication takes place.”
“5. Provide solutions 鈥 this could be as simple as ensuring that customers change their passwords and sharing information regarding future preventative measures in case it happens again.”
“Finally, hire a good PR agency which can help you build out that all important crisis comms plan. Trust me, regardless of the size of the company, it will be money worth spending.鈥
Sarah Alonze,听Head of Enterprise IT at Red Lorry Yellow Lorry
鈥淭here are three cardinal rules brands should remember when responding to a cyber-attack. These rules will be your saving grace when the pitchforks are out, and stakeholders are demanding explanations.”
“Cardinal rule #1: Know and understand what happened before you communicate with anyone. It sounds basic, but any brands are guilty of rushing responses following a breach or leak, because speed is seen as paramount. Knee-jerk reactions and a lack of information on the incident will only make things worse. Balance haste with diligence 鈥 gather as much information as possible and then respond.”
“Cardinal rule #2: Beware the pecking order. Certain stakeholders should be notified before others. Inform the relevant authorities initially, and work with them to stem the impact of the breach/leak. Next, notify key internal stakeholders and any affected parties, preferably with one-to-one communication where possible. External, public-facing statements come after. This is critical to containing the issue in the most appropriate and sensitive way. And remember to always speak factually and sincerely 鈥 don鈥檛 patronise or use smoke and mirrors to deflect from the issue at hand.”
“Cardinal rule #3: Don鈥檛 repeat the same mistakes. You need to have an action plan of how to mitigate and prevent a similar incident from happening again, so that internal and external stakeholders know you鈥檙e taking the incident 鈥 and their relationship with you 鈥 seriously. This is why cardinal rule #1 is so important 鈥 without knowing what happened, you won鈥檛 know how to prevent a similar attack.”
“Unfortunately, cyber-attacks aren鈥檛 usually just a flash in a pan 鈥 there are often unanticipated or unforeseen, long-term ripple effects. So, even if you鈥檝e abided by those three cardinal rules, ongoing vigilance and communication are critical. Provide regular updates to relevant parties as more information is unearthed 鈥 whether through a live blog, email communications or otherwise.鈥
For any questions, comments or features,听please contact us directly.
Martyn Gettings,听Head of PR at Tank
鈥淐yber attacks are becoming increasingly challenging for businesses and pose a significant risk of reputational damage if customer data is stolen or your product or service is forced offline.”
鈥淲hen dealing with a crisis, it鈥檚 important to have plans in place to deal with all eventualities. It is always easier to respond if you have a clear crisis comms strategy, with all active participants and stakeholders briefed so the team can quickly spring into action. After an incident has taken place, it is vital that the organisation communicates clearly as quickly as possible.”
鈥淭he company should follow all GDPR compliance and communicate with the ICO, notifiable incidents must be disclosed within 72 hours. When communicating publicly, take responsibility for finding out what has happened and then fixing the issue – as well as apologising to customers for any inconvenience. However, don’t acknowledge culpability until a complete investigation is carried out. Communicate directly with customers that have fallen victim quickly and advise them what they should do to protect themselves.”
鈥淏e clear once you’ve identified the problem, how you will fix it and how you will make sure it won’t happen again in the future. Make it clear what measures were in place to defend against cyber attacks and how the measures were overcome.”
鈥淩ebuilding trust after an incident will take time, and any recurrence of a cyber attack could be critical for brand reputation. Although the desire to reassure customers is natural, rushing to announce that the situation is resolved prematurely could do far more damage. Communicating clearly and as transparently as possible, while working closely with the legal department to ensure messaging is correct, will help to build trust at an unnerving time for your customers.鈥
Claire Simpson,听Senior Communications Consultant at Hard Numbers
“As in any crisis, transparency in key. If you fall victim to a cyber attack, make sure your customers hear about it from you first, through a direct communication channel such as email. The last thing you want is for them to find out via a third-party or word of mouth. This is not only important to retaining the trust of those affected but also reassuring your wider customer base that their data is safe.”
“In a digital world, we know that our information is never 100% secure, but poor communication around a leak can quickly exacerbate customer concerns and frustrations. So, it鈥檚 vital that a public response is forthcoming as soon as possible. On the most basic level, this should follow the CARE model of crisis response, expressing Concern for those affected by the attack, clarifying what Action is being taken to address the causes of the breach and, finally, seeking to Reassure stakeholders by demonstrating that such an attack is rare or won鈥檛 happen again.”
“If your business processes large volumes of data, it鈥檚 critical that you map out worst case scenarios relating to cybersecurity and how you would respond as part of your crisis planning – regularly stress testing these protocols to ensure their efficacy. Key to this is the creation of a crisis response team to lead the implementation of these protocols in the event of a cyber attack. This group should be well versed in fraud tactics and made up of relevant stakeholders from leadership, communications and legal teams to ensure a unified approach. However, not all attacks are created equal. While it’s important to agree roles and responsibilities in advance, be willing to adjust your approach if something isn鈥檛 working and adapt to the evolving situation in real time.”
For any questions, comments or features,听please contact us directly.
Francesca Baker,听Communications Specialist, Copywriter, Marketer and PR
“Cyber attacks are something the public are increasingly aware of. When they trust you with their information and data, they want to know that you can protect it. If a breach happens, it’s best to be open and honest about it. Cover ups cause long term reputational damage, whereas a clear and quick response makes everyone feel more comfortable.”
“I’d also recommend getting people on the phones or in the customer services branch with a brief and corporate lines. One of the the areas that businesses fail on is not having enough people to answer consumer questions, which is frustrating and leaves people more unsettled. Like everything with PR and corporate affairs, communication is key.”
Carla Williams Johnson,听Media Marketing Specialist at Carli Communications
“Reputation management is the name of the game when it comes to business. Being a victim of a cyber attack myself, I have a unique understanding of the devastation that it can wreak upon a business, though I may not be 鈥榯ech savvy鈥 I do understand how to handle a crisis. Here is my four step framework or what I call the 鈥楢BCDs of Crisis Response鈥”
A 鈥 Act immediately
“Once you鈥檝e been made aware, move swiftly so as not to incur any further damage to your brand. Communicate facts to those affected and apologise where necessary. Contact the necessary parties to help you manage the crisis such as your tech team or even customer service.”
B 鈥 Be visible
“Pay special attention to how the brand is seen in public. Use the media to convey your decisions, thoughts and emotions and how you intend to remain in service to your customers.”
“Use the media to feature your brand in a positive light.”
C 鈥 Change strategy
“As in, create a new plan. Your business has taken a major blow and you need to now factor this in.”
- “What can you do to recover or rebuild trust?
- What is the lesson learned from this crisis?
- What can it be implemented now to help you overcome this?
- What action is the business taking to help affected people?”
“Create a timeline and include any associated costs (people, processes or systems) to ensure things get done.”
D 鈥 Don鈥檛 give up
“I鈥檓 throwing this in to say that sometimes things happen you believe that all is lost and that may not necessarily be the case. You can recover from it once it鈥檚 handled well so do damage control and get yourself back out there.”
For any questions, comments or features,听please contact us directly.
