Hearts & Minds: It was the best of comms; it was the worst of comms - a tale of two cyber incidents

This is the story of two companies. One, a major tech provider gets it hopelessly wrong when it is subject to cyber-attack. Another, a big-name retailer with branches everywhere, is spot on with its response to a similar incident. 

The former is condemned for poor comms, issuing denials, coming clean after a lengthy delay and faces the prospect of legal actions and watchdog penalties. The latter wins praise for its straight-up openness from authorities, investors and customers alike. 

Shoppers have their Easter weekend disrupted, they can’t collect online orders, pay using contactless, exchange gift cards and return items. Still, they laud the firm for displaying a level of honesty and trust they associate with the brand. It's a human reaction to a cyber incident, with the CEO posting a heartfelt apology and simply signing off with his first name as if he is addressing friends and family, and it earns high marks. 

One finds itself with its reputation tarnished, possibly forever; the other’s, remarkably, is enhanced. Both are textbook examples of how not to treat a cyber crisis and how to. For CEOs and their comms teams, there is much to learn and absorb here. But time is also of the essence. Every day, as if this needs telling, corporates are being hacked and held to ransom. Right now, a board and management somewhere are receiving devastating news. Reading and studying are nice, but seeking practical, immediate assistance is better. Imagine you’re that company and you have scheduled a day in a month or two to discuss vulnerability to cyber infiltration. Suddenly, it’s all for the fairies. You need a comms plan that works, you must know what to do, everyone must be familiar with what is required of them, it must be instantly usable, and you need it now.

Sodali & Co and its specialist team can help. They are well-versed in dealing with cyber comms, know what scores and what will backfire, and advise on how to prepare and get ahead, to be ready and armed. 

It’s about ensuring effective board leadership so members receive proper cybersecurity training, devising a comms strategy that addresses interlocking risks, clearly understanding the legal and regulatory obligations, understanding data exposure and tightening security, managing stakeholders in the following days, weeks, and months, readying for different scenarios and having templates to hand, and implementing an effective command structure. It’s about securing resilience through readiness. It means getting it right.