Caught in the PR storm: Mastering crisis communication in a tech whirlwind

The PR Post Bureau |
From CrowdStrike’s update snafu to Disney’s Nullbulge nightmare, recent headlines underline a critical truth: technical glitches and cyber attacks can erupt in a PR inferno. But fear not, fellow communicators! In this feature report, Adgully delves into the art of crisis communication, equipping you with the strategies and tactics to navigate even the stormiest PR waters. Learn how to build trust, mitigate damage, and emerge stronger from the other side.


What are the key takeaways from both the incidents?

Thorough testing and validation processes are crucial before deploying software updates, especially in critical systems like cybersecurity, says Bhaskar Majumdar, Co-originator, CommsAdda. “Robust cybersecurity measures and continuous monitoring are essential to detect and mitigate breaches promptly, ensuring customer data protection. Effective communication strategies during such crises are vital to maintaining trust and transparency with stakeholders,” he says.

Reflecting on the incidents involving CrowdStrike’s software update glitch and Disney’s data breach by Nullbulge, several pivotal lessons in crisis management emerge, says Priya Sharma, Co-Founder, PRZSM Communications. Firstly, she adds, these events underscore the necessity of robust crisis management plans.

“Preparation enabled both companies to swiftly mitigate the impact. Secondly, the importance of transparent communication cannot be overstated. The timely updates from CrowdStrike and Disney played a crucial role in maintaining trust and controlling the narrative. Additionally, rapid response efforts were vital; CrowdStrike’s swift identification and rectification of the glitch, and Disney’s immediate actions to secure compromised data, were key in managing these crises. Lastly, these incidents remind us of the importance of learning from experiences. By conducting post-crisis analyses, organisations can identify vulnerabilities and refine their strategies, ensuring they are better equipped for future challenges,” Sharma explains.

Effective crisis management in the digital age requires a combination of preparedness, rapid response, clear communication, and sensitivity towards affected parties, says Deepak Jolly, Founder and Director, Consocia Advisory.

“Learning from incidents like CrowdStrike’s software glitch and Disney’s data breach helps companies enhance their crisis management strategies. This involves having detailed pre-crisis management strategies, including robust training and simulations drills, crisis communication plan, balancing transparency with sensitivity, and continuously improving policies and procedures. By adopting these best practices, companies can better navigate crises and maintain trust with their stakeholders,” Jolly adds.

Deepak Jolly takes a look at what both companies did to resolve the crisis.

CrowdStrike’s Software Update Glitch

Incident Summary:

  • What Happened: CrowdStrike, a cybersecurity firm, released a software update that caused system disruptions for their clients. Microsoft, which is helping customers recover, said in a blog post they estimate that CrowdStrike’s update affected 8.5 million Windows devices.
  • Nature of the Issue: The update led to unexpected system behaviour, affecting clients’ operations severely.
The Impact:

  • Reputation Loss: CrowdStrike’s reputation as a reliable cybersecurity provider was tarnished. Clients trust cybersecurity firms to prevent disruptions, not to cause them.
  • Financial Loss: The glitch likely resulted in operational downtime for clients, leading to potential financial losses and compensation claims.
  • Client Trust: Trust is crucial in cybersecurity. The incident eroded client confidence and could deter potential clients.
The Response:

  • Immediate Communication: CrowdStrike quickly acknowledged the issue and provided frequent updates.
  • Technical Resolution: They worked swiftly to roll back the problematic update and restore normal functionality.
  • Client Support: Offers support to affected clients to minimize the disruption.
Disney’s Data Breach by Nullbulge

Incident Summary:

  • What Happened: Disney experienced a data breach by the hacker group Nullbulge, compromising sensitive information. Nullbulge claimed responsibility for leaking over 1.2 terabytes of internal communications.
  • Nature of the Breach: This breach allegedly includes sensitive information about upcoming projects, advertising campaigns, and even employee data.
The Impact:

  • Reputation Loss: Disney’s ability to protect customer data was questioned, undermining customer trust.
  • Financial Loss: Financial repercussions included legal fees, fines, and compensation for affected clients, channel partners and other stakeholders, as well as costs to enhance security measures.
  • Customer Trust: The breach could lead to a loss of customers, impacting brand loyalty and market position.
The Response:

  • Timely Disclosure: Disney promptly informed affected stakeholders and the public.
  • Collaboration with the Authorities: Worked with law enforcement and cybersecurity experts to investigate and secure systems.
CrowdStrike Falcon’s outage has significantly impacted businesses worldwide, says Ganapathy Viswanathan, independent communication consultant. Typically, he adds, technology crises are temporary and soon forgotten, but this incident has resulted in substantial losses for many companies. It exemplifies crisis management in the tech industry, he adds.

“While some may mistakenly associate CrowdStrike Falcon with Microsoft, it is crucial to note that Microsoft’s reputation is also affected. CEO Satya Nadella has responded on social media, stating that they are providing technical guidance to restore the system. Transparency is essential now. Clearly stating the problem and providing a solution can prevent speculation and reassure the public. Setting up a dedicated helpline for technical support and monitoring online platforms to address queries promptly will also be beneficial,” Viswanathan adds.

Best practices

What are the essential elements or best practices of an effective crisis management plan in the digital age?

Priya Sharma is of the opinion that an effective crisis management plan in today’s digital age must be comprehensive and dynamic. She suggests that it is crucial to have a dedicated crisis communication team with clearly defined roles and responsibilities. This team, she adds, should utilize advanced monitoring tools to detect potential issues early, allowing for proactive measures.

“Developing clear communication protocols ensures both internal and external messages are consistent and accurate. Engaging key stakeholders with regular updates and addressing their concerns promptly is essential. Preparing media statements in advance and designating spokespersons for press interactions help maintain a unified message. Regular crisis simulations and training sessions keep the team prepared and responsive. Post-crisis evaluations are equally important, as they allow organisations to identify strengths and areas for improvement, ensuring the crisis management plan evolves and improves continuously,” she says.

In today’s digital age, says Bhaskar Majumdar, effective crisis management plans must encompass key elements and best practices.

Preparation and Planning: For instance, CrowdStrike’s incident highlights the critical need for thorough testing and validation before rolling out updates to vital systems.

Timely Response and Communication: An example is Disney’s swift and transparent handling of the Nullbulge data breach, demonstrating the importance of promptly informing and maintaining transparency with affected parties.

Transparency and Accountability: Equifax’s data breach serves as a cautionary tale, illustrating the severe consequences of delayed disclosure

Transparency with sensitivity

How can companies balance transparency with sensitivity to affected parties during a data breach or technical crisis?

According to Bhaskar Majumdar, companies can balance transparency with sensitivity to affected parties during a data breach or technical crisis by:

  • Promptly disclosing the incident with clear and factual information.
  • Acknowledging the impact on affected individuals or customers.
  • Providing regular updates on the investigation and remediation efforts.
  • Offering support and resources to those affected, such as identity protection services.
  • Respecting privacy by not disclosing unnecessary details that could further compromise security or cause undue alarm.
According to Deepak Jolly, essential elements of an effective crisis management plan in the digital age are:

Pre-Crisis Preparation

Risk Assessment: Regularly assess potential vulnerabilities and threats within the organization.

Training and Simulations: Conduct regular drills and training for employees, including both technical response and communication strategies.

Crisis Communication Plan: Develop a comprehensive plan that includes:

  • Designated Spokespersons: Identify key personnel to communicate with the public and media.
  • Communication Channels: Establish primary and backup channels (e.g., social media, press releases, customer emails).
  • Messaging Framework: Create templates and guidelines for consistent messaging.
Incident Response

  • Immediate Action: Quickly contain and mitigate the issue to prevent further damage.
  • Internal Coordination: Ensure seamless communication among internal teams (IT, legal, PR, customer support) for a unified response.
External Communication:

  • Timely Updates: Provide frequent, transparent updates to stakeholders.
  • Clear Language: Use plain language to communicate with non-technical stakeholders.
  • Own the Mistake: Acknowledge the issue and take responsibility.
Post-Crisis Management

  • Evaluation and Learning: Conduct a thorough post-mortem analysis to understand what went wrong and how to improve.
  • Policy Updates: Revise and strengthen policies and procedures based on lessons learned.
  • Customer Support: Offer ongoing support and remediation to affected customers.
Balancing Transparency with Sensitivity

Clear and Honest Communication:

  • Timely Updates: Provide regular updates as the situation evolves.
  • Avoid Jargon: Communicate in plain language for better understanding.
  • Acknowledge Mistakes: Own up to errors and explain corrective measures.
Sensitivity to Affected Parties:

  • Personalized Communication: Reach out to affected customers individually when possible.
  • Support Services: Provide resources such as hotlines, FAQs, and compensation if applicable. Offer support like free credit monitoring or identity theft protection.
  • Privacy Considerations: Ensure that communication respects privacy and does not disclose further sensitive information.
Balancing Act:

  • Transparency: Be open about the nature and extent of the breach or glitch without causing unnecessary panic. Provide facts and avoid speculation.
  • Sensitivity: Show empathy and understanding towards affected individuals and their concerns.
How can companies balance transparency with sensitivity to affected parties during a data breach or technical crisis?

Best Practices in Crisis Communication

  1. Proactive Monitoring: Utilize tools to monitor for potential issues and respond before they escalate.
  2. Unified Messaging: Ensure all communications are consistent and come from authorized spokespersons.
  3. Stakeholder Engagement: Keep all stakeholders informed and engaged throughout the crisis. This includes employees, customers, partners, and regulators.
  4. Crisis Team: Have a dedicated crisis management team with clear roles and responsibilities. This team should be trained to handle various crisis scenarios.
  5. Post-Incident Review: Conduct a comprehensive review and update the crisis management plan regularly. Learn from each incident to improve future responses.
Balancing transparency with sensitivity during a data breach or technical crisis is crucial for maintaining trust and credibility, says Priya Sharma. “Timely disclosure is essential; affected parties should be informed as soon as possible with clear and concise information about the incident and its impact. Demonstrating empathy towards those affected and offering support and resources helps manage the situation effectively. Ensuring all communication is accurate and factual avoids speculation and misinformation. Regular updates on the progress of resolution efforts maintain transparency. Respecting the privacy of affected individuals is also important, avoiding unnecessary disclosure of personal information. By following these strategies, companies can effectively address concerns while maintaining a positive relationship with their stakeholders,” Sharma adds.

Priya Sharma feels that social media plays a vital role in crisis communication, offering both challenges and opportunities. Companies can leverage social media effectively by providing real-time updates, keeping stakeholders informed and engaged.

“Engaging with the audience by responding to queries and concerns promptly demonstrates responsiveness and care. Monitoring social media sentiment helps gauge public reaction and adjust communication strategies accordingly. Consistency in messaging across all social media channels is crucial to avoid confusion and maintain credibility. Honesty and transparency in social media communications, addressing issues directly, and acknowledging mistakes when necessary are also critical. By implementing these strategies, companies can effectively manage crises in the digital age, maintaining trust and minimizing reputational damage,” she concludes.