Archive for the ‘Crisis and Risk’ Category

How leadership and communication can help navigate a crisis

Posted on: March 15th, 2023 by Morgan Arnold

Last week, in an effort to retain its famous impartiality, it was the BBC that came under fire. Responding to a tweet from pundit Gary Lineker, criticising the Government’s new asylum policy, the BBC was swift in doling out a suspension that led to sports programming chaos, and the biggest crisis the broadcaster has experienced under the current Director General.

With the crisis playing out so publicly for all to see, it can be all too easy to focus on external communications – what the media is reporting, what the public is saying. However, a crucial element that shouldn’t be overlooked is an organisation’s internal communications.

The importance of internal comms

After all, it was not just the viewers that were left in the dark when programmes were disrupted this weekend, it was also the BBC’s staff. As more presenters dropped out in solidarity with Lineker, staff looked towards management for clarity. With rumours swirling and chaos mounting, it was imperative that the BBC reassured their employees on the plan to mitigate the situation.

However, it has been reported that it was a full day before staff heard from the plans, and that they were provided limited, and vague, information on what would be happening to the programming schedule.

In any organisation facing a crisis, the importance of empathy, as shown through internal communication and leadership cannot be understated. With a clear lack of it present this weekend, BBC staff were left to their own devices according to reports, unsure what they should be doing, or whether they should even be turning up for work.

Consistent and regular internal communication can help build confidence and reassure employees during a crisis. A lack of information can be unnerving for employees, particularly when social media is rife with speculation. While ensuring accuracy is key, staff also need to know what actions are being taken, and be reassured that their leadership team is resolving the crisis as quickly as possible. As we saw , confusion breeds confusion and only fuels your crisis, leading to further headlines.

Preparing for a crisis

While the BBC could not have anticipated the magnitude of the crisis it faced, there were ways that its impact could have been lessened. One of the most important elements of crisis communications is preparedness; by the time a crisis is in full force, it can be too late. Preparing an organisation in advance of a crisis can help ensure that messaging remains consistent and aligned, staff remain updated and decisions are made quickly and effectively. As crises escalate, comms must keep pace, and a robust preparedness programme ensures that an organisation’s response is adequately stress-tested and delivered with disarming confidence.

Not only should there be a clear crisis communications plan in place, there should also be a leader to see it through. This leader is in charge of mobilising their pre-determined crisis team, ensuring a consistent flow of information and taking decisive action. As such, leadership plays a crucial role in mitigating the effects of a crisis. Effective leadership can help an organisation navigate through the crisis, maintain its reputation, and emerge stronger.

What happens when one cultural institution goes against another? The answer: a crisis that dominates headlines and conversations, both online and offline. Taking place over just a few days, now, the damage is done, and the BBC has been left scrambling. Although it is never ideal to have a crisis play out so publicly, in this instance it was inevitable, and someone had to yield.

Bowing to the immense pressure caused by Lineker and social media, the BBC has apologised and vowed to undertake a review of its social media guidelines. Citing the many grey areas of its three-year-old policy, it is now up to the BBC to reconsider its approach and learn from the frenzy caused. This is, however, just the beginning, as the review will now be under huge scrutiny and may yet lead to a further extension of the crisis they face. Indeed, the BBC will have to look deeper, as its guiding principles and values are tested.

Heightened Threat of Cyber-Attacks

Posted on: January 17th, 2023 by Morgan Arnold

What is the risk?

We have seen a significant increase in sophisticated cyber-attacks from the last quarter of 2022. These include attacks this week on Royal Mail and the Guardian that prompted the Financial Times front page headline: “Attacks on Royal Mail and Guardian stoke fears over surge in cyber crime”.

For the Royal Mail this resulted in a large-scale system closure. At the Guardian, sensitive and confidential details, including financial and personal data of employees and customers have been taken. This data can be used to facilitate fraud or sold on the dark web. We have also seen a resurgence in ransomware attacks that significantly impact company operations.

Our Crisis & Risk team have worked in recent weeks on cyber-attacks that potentially mirror the assault on the Guardian where it is believed an employee password authentication process was replicated and breached in a phishing attack. These attacks target employees, who allow the criminals access to company systems by accepting requests for access and authentication that are sophisticated and seem authentic. Another recent attack led to a company’s confidential data being removed from their servers, including commercially sensitive details on clients and suppliers. This was then ransomed back to the company and the criminals provided notice of the breach to selected stakeholders.

Why is this a reputational risk?

Data breaches, where customer or stakeholder data has been compromised, have attracted low and diminishing levels of media interest in recent years. However, in recent weeks the impact, such as the damage to overseas mail, and scale of attacks, including the increased number and amount of data lost, has generated significant media interest and prolonged scrutiny from journalists.

Reputational risks originate from:

  • Leaks: Reporting around the attacks has included disgruntled employee commentary and leaks of internally communicated actions or impacts
  • Employees: Cyber-risk is now a duty of care issue as attackers also seek to acquire personal and financial information about employees
  • Customers and data subjects: Trust in your business can be damaged by concerns of fraud and poor security
  • Operations: Disruption or closure of operations impacts customers lives or client and supplier businesses
  • Systems: Scrutiny of the systems you have in place or lack of it.
  • Confidential data: Commercially sensitive information or inappropriate internal messaging and actions become exposed.

Media interest has also focused on claims the increase in attacks is linked to geo-political issues and state actors including Russia and China. Whatever the reality of those claims, businesses risk significant damage to operations, stakeholder trust and wider reputation in the event of a significant and sophisticated attack.

What should you be doing now?

In light of the increased reputational threat, we would urge organisations to:

  • Review crisis protocols and your cyber crisis response team to ensure you have the right people in place and fully trained.
  • Ensure your IT team are reporting potential attacks to legal, communications and HR teams.
  • Draft or review and update your cyber response playbooks, including draft communications to every stakeholder, not just a media holding statement.
  • Identify and understand how customers will contact you, and how that contact will be managed, to avoid further criticism from stakeholders in a breach.
  • Ensure all materials are accessible should you lose access to your server. Alternatives to regular email communication should also be secured.

Critically you must remind staff of the rising threat of phishing and other attacks.

Contact Us

Should you wish to learn more about this risk or would like support, please contact [email protected] or call Barnaby Fry, Head of Crisis & Risk on 020 3128 8761