Crisis communications: reducing reputational damage

When it hits the fan

Crises happen. Despite the best-laid plans, there is always an opportunity for something to fail: often systems, people and/or finances.

The big number in the news this week is 400,000.

400,000 Ryanair passengers are likely to have their flights cancelled after the Irish budget airline messed up its pilots’ holiday leave, forcing the airline to ground numerous flights.

400,000 is the number of British customers who might have had their personal details stolen from the credit monitoring company, Equifax, when its systems were hacked in July.

400,000 might sound a lot, but it seems that we Brits got off lightly in the Equifax crisis. Equifax has admitted that half the entire US population could be affected. That’s 143 million Americans, making this crisis mind-blowingly humungous.

What to say when everything goes horribly wrong

There are two main strategies for managing business communication in a crisis: communicating information (gathering and conveying facts) and communicating meaning (attempting to influence external perceptions of the crisis and/or the organisation). Crisis response strategies are mainly about managing what a crisis means to stakeholders.

Your main responsibility in a crisis is to protect your stakeholders: informing them how to protect themselves, reassuring them that they are safe and/or expressing concern for them. You can only start to repair your corporate reputation once you’ve conveyed this so-called ‘instructing’ information. It’s worth noting that reputational repair can take years, so it is vital to get your crisis communications correct from the start.

However, it’s not just a one way street. Stakeholders want real conversation and not just official statements. With social media an ideal platform for engaging actively in dialogue – listening and responding to the concerns of customers, clients and other interested parties – it is important to gauge your audience’s emotional tone to guide your crisis response and proactively support your stakeholders.

A swift and genuine apology can go a long way

Almost incredibly, it took six weeks for Equifax to reveal it had been hacked, during which time three leading executives sold huge numbers of shares in the company. Equifax’s CEO was forced to apologise to the public last week after being dragged before the US Senate Committee on Finance to explain.

In a hacking situation – an invisible crisis to begin with – it is important to go public before fraudsters start sending phishing emails to your stakeholders. Ideally that means informing the media and social media within an hour of the data breach becoming apparent.

In a visible crisis, the media is likely to find out what is happening before you contact them. With hundreds of passengers stranded, Ryanair had no option but to admit its mistake quickly. It took the correct course of action by apologising wholeheartedly to its customers.

A sincere apology is absolutely fundamental. However, you should only ever apologise if you really mean it. Coming across as insincere is likely to aggravate the crisis. It is also wise to avoid a pseudo-apology, which business leaders often use to reduce the impact of a crisis and to avoid taking full responsibility. Anything other than a heartfelt, genuine apology will come across as insincere and will hinder your cause.

Handled carefully (honestly and openly, recognising distress and anger and apologising sincerely), your crisis communications are likely to strengthen your brand loyalty.

When the password management company LastPass was hacked earlier this year, it communicated transparently with its users, explaining exactly what was going on and how it was working to resolve the situation. While LastPass was criticised by some for putting passwords at risk (fair comments bearing in mind the company remit), many others praised its response to the crisis and supported the company fully.

Who should take the rap?

The Ryanair crisis hit on Saturday 16th September, 2017. The man initially in charge of the response was Chief Marketing Officer, Kenny Jacobs. Strangely, Chief Executive, Michael O’Leary, was nowhere to be seen… until the share price slumped when the markets opened two days later.

Mr O’Leary is known to be very vocal and has a habit of aggravating and exasperating people, so perhaps Ryanair decided to keep him under wraps. Or perhaps he just didn’t realise the seriousness of the situation. Kenny Jacobs is not well known, so having him as spokesman made it feel like the CEO didn’t really care. That’s bad news for Ryanair’s reputation.

Michael O’Leary is a well-known figure, and passengers wanted  an apology from the boss. When he finally put his head above the parapet, he apologised profusely. He then spoilt this with the arrogant remark that passengers who vow to avoid Ryanair in future will break those promises because of the company’s cheap tickets: “our booking engine is full of passengers who have sworn they will never fly with us again”.

The buck always stops with the CEO, so he or she should willingly take the media spotlight in a crisis.

Let’s look at the telecoms company, TalkTalk. When it was hacked in 2015, with fears that 4 million people might have had their personal data stolen, CEO Dido Harding offered herself to the media. She was heavily criticised for the timing and content of her response, but she was also praised for taking ownership of the problem, expressing concern and advice for customers and showing commitment to solving the issue. Although her comments were uninformed, at least one PR practitioner described her honest and open communication style as refreshing and to be applauded.

Honesty, transparency and openness are always the best policies when it comes to crisis communications, and stakeholders expect this from the person at the top.

Crisis communications channels

If you are in a large organisation, you will have a crisis communications plan and a team to implement it. You will probably have message templates to help you respond swiftly, and trained spokespeople who know what to say and when.

Smaller companies should follow the same principles. It takes time and effort to create a solid crisis communications plan and run crisis practice sessions at least once a year, but it is always a worthwhile insurance policy: you just never know when crisis will hit. If you are unprepared, your business is at risk.

You will certainly need to pre-establish channels of communication in case your standard channels crash or if you have to take them offline. Not all companies have this foresight, however – even communications companies. When TalkTalk was hacked, for example, its website and webmail went down, making it tough for the organisation to communicate with customers.

A company in crisis can be lost without clearly defined secondary communication channels. Many companies create a ‘dark website’ – a crisis website hidden from public view until it is needed. This forms part of a crisis communication infrastructure which might also include a dedicated call line, dedicated Twitter feed and a cloud-based critical communications platform to ensure that if internal email goes down, managers and staff can still communicate.

Crisis communications: points to remember

Ensure your crisis communications plan is solid and workable. If you are uncertain, follow the British Standards Institution advice in its crisis management handbook, BS11200.

When crisis hits, think of your stakeholders first. Are they at risk? What can you do to ameliorate that risk? How can you best communicate this and support them? Listen to them and respond accordingly.

If your company makes any form of error, apologise genuinely and quickly. People want an apology from the CEO, especially if they are well known. If that’s you, gird your loins and go for it.

As you are unlikely to face many crises in your lifetime, you’ll need to practice your response in a safe environment well before everything goes pear shaped. Run annual crisis training scenarios to ensure you are up to the job. As a hacking crisis is very specific, and as data breaches are becoming increasingly common, make sure you have plans in place for this, as well as for more general crises.

Be open, transparent, honest and genuine. Be yourself – the best you can be. If you’re not sure exactly how to achieve this, get in touch and I’ll be happy to advise.