This is the question that was debated at the European Association of Communication Directors (EACD) Forum at HSBC’s London headquarters last week, in a session on the best communication strategies for handling the increasing risk of cyber attacks.
Naturally, the recent high-profile TalkTalk security breach was referred to on a number of occasions. Everyone seemed to concur that Dido, CEO of TalkTalk, came across like a deer in the headlights, when speaking to the media pack following the announcement.
Most agreed this was the result of poor communication strategy, Dido was obviously not equipped with the right level of information on the situation, and wasn’t the appropriate IT security expert to handle technical questions with authority. Not ideal when you’re the most authoritative figure in a company.
Others saw this as strategic from an investor relations standpoint. When faced with such a business blunder, a publicly listed company needs to communicate it is taking the situation seriously to all stakeholders. And it is usually the figurehead that assumes public responsibility. The argument was that when you take on the position of CEO, you accept this associated-risk as part of the package.
We’ve seen numerous CEO public apologies in our time, some receive kudos and others outrage. The BP oil spill is always pinned up as an example of how not to do PR; cue images of then CEO Tony Hayward walking along the sand in a white shirt while apologising for the 2010 catastrophy.
The key to a successful public apology: be transparent and authentic.
Here are a few more communications recommendations to IT service providers to prepare for a similar security breach or outage, and remember, it’s a matter of “when, not if”:
For more advice on building a global PR operation, see our eBook below: