In the UK, there was a recent, highly publicised “significant and sustained cyber-attack“ on the Telecom company Talk Talk’s website.
According to the news as I write this, it seems that a fifteen (!!!) year old Irish lad and a 16-year-old Brit may be responsible. They might have been able to steal information such as names, addresses, passwords and other personal information including bank details. The phone and broadband provider, which has over four million customers in the UK, said that this information “could have been accessed, but credit and debit card numbers had not been stolen”. This was later corrected and Talk Talk admitted that such sensitive financial information had also been obtained.
When the news first broke, Talk Talk tried to play it down. When people requested to cancel their contract, they were told they would be hit with a hefty £200 cancellation fee! That’s really adding insult to injury isn’t it?
As a result of the ensuing outcry, they later amended their position, saying that they would only waive termination fees for customers wanting to end their contracts if money is stolen from them. The local Consumer group Which? called the offer the “bare minimum”.
“In the unlikely event that money is stolen from a customer’s bank account as a direct result of the cyber-attack [rather than as a result of any other information given out by a customer], then as a gesture of goodwill, on a case-by-case basis, we will waive termination fees,” the company said on its website.
Am I dreaming? Goodwill gesture?!! My brother is one of their soon to be ex-clients and I, therefore, followed the handling of the whole case with interest.
What Talk Talk did was ignore their customers’ feelings. As a result, they are provoking their customers to cancel their contracts as soon as they come up for renewal. That is certainly what my brother will do. If on the other hand, they had said that people had up to a month, or three or six months, to cancel their contract if they so desired, then I’m sure that many would have waited before taking such a rash decision.
That would have given them time to calm down, and they might even have forgotten or forgiven the incident by the time their contract came up for renewal. By forcing people to stay, they are also forcing people to leave just as soon as is legally possible. This is just another example of a short-term gain for a long-term pain / loss.
As if that isn’t enough, reporters facing imminent deadlines, will often go with what (little) information they have about the situation. They can’t wait hours or days for the company to craft an appropriate response that will assure that its image remains intact. As a result, damage is done incredibly quickly to a business as well as to its image when such incidents are handled badly. A good reason for organisations to be prepared for any and all eventualities, by using scenario planning. See “10 Steps & 5 Success Factors to Ensure your Business is Ready for Anything” for more on this topic.
What Talk Talk should have done
As all good crisis managers know, what Talk Talk should have done is to follow best practice procedures. When a crisis happens especially when it directly involves the customer:
- Admit the problem.
- Detail exactly what has happened.
- Say what you are doing to put it right.
- Empathise with customers and offer a solution.
- Explain what you will do so it doesn’t happen again.
These five simple steps are known by all PR professionals and yet when a crisis happens the reaction from so many companies appears panicked and chaotic. It is as if knowing what to do doesn’t ensure a company does what needs to be done. (>>Tweet this<<) In this case, it doesn’t even look like Talk Talk has thought through and prepared for such an eventuality – even though this isn’t the first time it has happened to them! Being prepared is half the battle. (>>Tweet this<<)
Learning from Mistakes
According to an article in the UK’s Guardian newspaper, this is Talk Talk’s third major security breach in the past year! When asked whether such sensitive financial information was encrypted, Talk Talk’s CEO, Dido Harding, said: “The awful truth is, I don’t know”. What is shocking is not only that it has happened before – several times – but that the head of the organisation has not taken steps to ensure such gaps in her organisation’s security were corrected.
Every business and every person makes mistakes occasionally. It’s what we do after making a mistake that makes the difference. As Bruce Lee is famously quoted as saying “Mistakes are always forgivable if one has the courage to admit them.” (>>Tweet this<<)
Excellent leaders and great businesses admit their mistakes quickly and with courage. They see them as a chance to learn and to grow, rather than as an excuse for ignorance and denial. As a recent article in Forbes mentions, “A company in crisis is an opportunity for change”. (>>Tweet this<<) A business should take both short-term and long-term actions as quickly as possible. Doing nothing is the worst reaction to a crisis, as it opens the way for even greater criticism and exaggeration. As already mentioned, journalists love a good story and if you don’t provide it, they will create it with what they’ve got.
“Bad companies are destroyed by crisis. Good companies survive them. Great companies are improved by them” Andy Grove, former CEO of Intel
Being Customer Centric
I spoke about customer centricity in the title because I believe that companies who are thinking customer first, will react appropriately in a crisis. Taking the customers’ perspective will mean that they will do what’s best for their clients first and foremost. They will address the issue for their good, and only then address it internally. Therefore, all businesses which are in the habit of thinking customer first are more likely to do the right thing first.
There are many organisations that have reacted inappropriately in a crisis and their business has suffered, in some cases to the point of closure. Another recent crisis, that of Volkswagen, highlights just how far a company will go to win the approval of its clients. It shows that although they may have understood the importance of their customers, in this case at least, they exaggerated and lied to win their approval. Both such practices will almost always be discovered sooner or later because too many people are involved in keeping secrets. Customer centricity may not be easy, but it’s the right way to conduct business in today’s informed world.
When faced with a crisis, a customer-centric business follows the 5-step process mentioned above, to empathetically respond first to its clients, and then to the press and relevant authorities. It’s a clear sign that the organisation has the right priorities.
If you’d like a useful checklist about what to do in a crisis, I highly recommend the one which Forbes published a few months ago in their article “You have 15 minutes to respond to a crisis; A checklist of Dos and Don’ts.”
Have you prepared several future scenarios to be prepared for the opportunities and challenges your organisation may follow? If not, then let’s discuss possible solutions. Contact me today here.