How to stop a crisis becoming a disaster

I’ve become in equal measures both addicted to and depressed by the government’s daily press briefings announcing the tally of new COVID-19 deaths. And from a communications’ professional standpoint, the government’s handling of the situation has been a salutary lesson in crisis management. Having a handle on the facts is one of the basic principles of good crisis management, yet the government’s failure to include deaths in the community and care homes in the initial figures has undermined the credibility of the response to the crisis. Ultimately, the effectiveness of their communications strategy will be one of many factors that will determine how history judges the way that governments around the world handled the pandemic. 

Although few of us would have anticipated the dystopian world we’re currently living in as we raised our glasses at the start of 2020, it illustrates only too painfully the importance of planning for the unexpected. The fluctuating mood of the media in judging the performance of the government has also been fascinating to observe, particularly on the day the government fails to hit its target of 100,000 tests a day. 

As a PR professional working with cyber security vendors, and a media constantly filled with stories around data breaches, vulnerabilities and cyber-attacks, it’s vital that all communications teams working in this sector have a crisis management plan in place to deal with a variety of different potential crisis scenarios. The fact that earlier this week, one of the UK’s most successful security companies, Sophos was the victim of an alleged attack on a vulnerability in its market-leading firewalls, which are installed in numerous enterprises around the globe should be a reminder to every cyber security vendor of the need to ensure those plans are current and up-to-date.   

It’s a sad fact of life that security vendors’ products are likely to be a target for cybercriminals, offering as they do the opportunity to gather privileged account passwords and the keys-to-the-kingdom in gaining access to a businesses’ most sensitive data. Yet the speed and agility with which the vendor acknowledges the problem, assesses the scale and scope of the problem and communicates with key stakeholders, determines the extent of longer-term reputational damage on the company. 

Sophos appear to have responded swiftly and decisively, suggesting that they had a tried-and-tested crisis management plan in place, with a clear chain of command and communications against which they were able to act.  Nonetheless, there are ample examples of other security companies and enterprises falling foul of data breaches and cyber-attacks, that have reacted in a much less professional way and paid the longer-term price. Whilst I have no intention of naming and shaming companies here, I think we can all think of examples where there has been a delay in the speed to react, or a failure to gather accurate data and communicate with key stakeholders such as customers, channel partners, employees and investors. 

So, what can the way the government is communicating with the public around the COVID-19 pandemic teach us as communications professionals?  Well firstly, that governments and economies, just like businesses, can fall prey to unexpected crises. As with cyber attacks and data breaches, it is not the fact that you’ve fallen victim to an attack that’s the problem, it’s how you handle the fallout of that incident that counts. That’s why if you work as a communications professional in a cyber security company, you should be scrutinising your crisis management plan right now to ensure that it’s still fit-for-purpose in a world where most executives are working from home and at the mercy of somewhat unstable internet connections. If you haven’t done so yet, be sure to test out your crisis management plan to see that it can steer you out of troubled waters.

Author

How to become a thought leader – part 2 – what makes an ideal candidate?

How to become a thought leader – part 1 – deciding your objectives