What went wrong?
Optus took around 7 hours after the outage started to respond in a meaningful way. The delay in the CEO’s response allowed other stakeholders to control the narrative and diminished the effectiveness of her response.
Social and mainstream media responses were not synchronised. When a crisis hits, companies are expected to action the social and digital elements of their crisis plan with the same level of priority as other elements. This includes switching to a dark site that consolidates all relevant customer communications and adopting a tone of voice that recognises the severity and impact of the issue on all its customers.
Finally, last year’s data breach crisis is still fresh in the minds of Optus consumers and shareholders, and while they may have forgiven the company once, they were expecting it to have learned from its mistakes.
What does best practice look like?
The three main principles of good crisis communications are:
1. Tell your story before others do: You need to take control of the narrative and be the single source of truth – to all stakeholders, across all channels. If you don’t talk about what is happening, someone else will. When thinking about when to make a statement, companies should consider the following steps:
- Do your stakeholders expect you to do or say anything now?
- Will silence be perceived as indifference to the crisis or an admission of guilt?
- Are others speaking about you now and shaping the narrative?
- If you wait, will you lose the opportunity to shape and control the narrative?
- If the answer is yes to any of these questions, the company should make a first statement immediately, focusing deeply on customer retention, brand reputation and operational resilience.
2. Speak early, speak often: in managing any critical scenario, companies should be in a position to say something quickly – demonstrating control, acknowledging impact and setting out a timeframe for updating customers.
3. Be prepared: the first time a crisis plan is opened should not be in a crisis. Preparation is key – including running detailed simulations and having holding statements that cover the most likely scenarios that could impact your business.
Want to learn more about crisis preparation?
FTI Consulting has teamed up with Herbert Smith Freehills and Coveware to discuss how to run a cyber crisis simulation, what you need do to prepare, and what best practice looks like.
They will also explore how regulators in Australia have made it clear that they expect companies to have a comprehensive response and recovery plan, and that this plan must be tested and tested regularly.
Join FTI Consutling on Tuesday 14th November 2023 as we take a closer look at what makes an effective management and board crisis cyber simulation.