Advert
Advert
Join CIPR
Search by title
A figure of a hooded person leaning over a laptop. Written across the image are lines of machine code, a large exclamation mark and the word hacker
Oselote on iStock
PUBLIC RELATIONS
Tuesday 17th January 2023

The challenges of reaching and supporting consumers in a crisis

What happens when communications teams are left picking up the pieces?

When a crisis hits, companies are faced with the responsibility of reaching out to thousands, sometimes millions, of people to support those impacted. But what happens when systems crash, contact data is lost, and communications teams are left picking up the pieces? 

At a recent CIPR Crisis Communications Network event, I was joined by Nic Daley and Kimberley Rushton to discuss how businesses and organisations can mobilise their customer communications at a time of crisis.

In the event of a cyber attack

In 2017, Kimberley Rushton experienced one of the biggest cyber-attacks the country had ever seen while working for an NHS trust.

“The first thing anyone knew of it was when IT asked everyone to turn their computers off, then we were rushed into an incident management team meeting,” said Kimberley.

As you’d expect, the main priority in this scenario was patient safety. With a full hospital, as well as a steady stream of patients coming though A&E and other urgent care routes, there was no one-size-fits-all approach to contacting patients to inform them of the attack. With all the computer systems down, patient information, including vital data such as medications and existing conditions, was inaccessible.

“We had prepared quite a lot for something like a chemical spill or if there was a major disaster, but we hadn’t prepared as much for a cyber-attack, particularly one so prolonged.”

While there are a lot of logistics involved in cyber incidents, when communication platforms are compromised, the first and most critical step is finding ways to overcome this.

The quality of the contact data

This initial challenge is where many organisations get stuck, because in order to get communications out in a timely manner, you first need to have accessible and up-to-date contact information. On average, companies have only 80% of their customers’ email addresses. The other 20% is postal, or sometimes just a phone number.

For those without a crisis response plan in place, this proves to be a predominant sticking-point. Our own research showed that only 7% of businesses that had experienced a data breach were able to inform customers within 24 hours, and 42% of businesses do not have customer response plans in place.

The importance of communication  

In the eye of the storm, many companies fail to establish the basics: who to communicate with and when.

For any organisation, there are many affecting factors to consider. These include:

  • Multiple channels (i.e. email, postal, WhatsApp).
  • Level of risk – whose data has been compromised and to what severity?
  • Foreign business – there may be complexities across borders, both from a legal and regulatory stance, but also in terms of communication, such as language barriers and the need for translation.
  • Various cohort groups, such as employees, consumers, suppliers, contractors, etc.
  • Suddenly you’re working with nearly 100 communication templates to reach out to the different groups.

Similarly, to outbound communication streams, you must also review inbound streams. Once the communications are sent out, around 1% of the people receiving the communications will be concerned and will have follow up questions. This results in inbound responses, which will require scripts to have the approval of legal and compliance teams.

Communications teams are at the heart of helping to support customers in a crisis, and it’s a business’s responsibility to support its teams by preparing what it can in advance.

The changing landscape of cyber threats

“The cyber landscape has changed, and there are now a lot of different tactics that these ‘threat actor’ groups employ. At FleishmanHillard, about half of the crisis work that we do is in the cyber space, particularly ransomware attacks. And yet, in many ways, the pressures remain the same,” says Nic Daley, co-head of UK issues and crisis at FleishmanHillard.

While cyber incidents first present operational challenges, compliance also demands timely action from organisations. GDPR stipulates that businesses must tell a data subject without undue delay, that their data has been impacted. This pressure from regulators is not new, nor is the customer demand for better support and transparency. The only thing that’s changed is our ability to respond to these factors. 

Overcoming challenges 

When it comes to reaching and supporting customers in a crisis, there are many challenges to overcome. We can’t plan for everything, but between data solutions and pre-emptive planning, companies who prepare now will save themselves from a lot of loss in the future. 

Jim Steven is Head of Crisis & Data Breach Response Services at Experian

This post was originally published by the CIPR Crisis Communications Network. Read the original post.

Image by Oselote on iStock.

pr-strategycrisis-communicationbusiness