In the aftermath of the Sony scandal, individuals, organisations and governments are being warned to prepare for a rise in cyber-crime.
According to a recent survey, 78% of organisations experienced a data breach in the past two years. This means that while protective measures are still essential, so too are proactive plans for reputation management after a cyber-hack.
A prompt and reassuring communications response in the aftermath of a security breach can make the difference between bankruptcy and solidity. Comparing the different reactions of Target and Greggs, both of which fell victim to damaging issues online, highlights the importance of a tactical and efficient communications plan.
Target suffered the biggest retail hack in US history, which was later reported to have been entirely avoidable. Certainly this knowledge irritated customers, but much of the frustration unloaded on Target’s social media platforms was directed at their mishandling of the crisis rather than on its preventability. Customers that resorted to calling the conglomerate were often placed on hold for almost an hour, only to have the call dropped. Reassurance was not easily found online either. The answer to the most important question, “has the issue been resolved?” was buried in the middle of a 1,500 word statement posted on their website.
From a communications point of view, Target reacted by “dribbling out information coloured by emotional denial and over-lawyered language”. From a legal point of view, Target conveyed “a false sense of security” when the issue was yet to be entirely resolved.
The Target episode captures the difficulty of striking the balance between reassuring customers promptly, but not prematurely, after a cyber attack.
When Greggs suffered a similar fate – although not necessarily due to a specific cyber attack – its response was both efficient and effective. Not surprisingly, it came entirely through social media platforms. Not only did Greggs reply to tweets directed at them, they also started the hashtag #FixGreggs, enabling them to light-heartedly take control of the situation.
The lesson isn’t to turn cyber-crime into a joke – in the case of Sony, the threat certainly isn’t funny. What matters is that you are prepared to address and respond to the crisis swiftly, and to inform your customers that despite falling victim to an attack, you are in control and value their trust.
Measurement and evaluation