In this episode of CHATTINN CYBER, Marc Schein interviews Jamie Singer, Managing Director FTI Consulting formerly, Executive Vice President at Resolute Strategic Services and Resolute Public Affairs. She is an experienced strategic communications advisor with deep expertise in crisis communications, and has counseled Fortune 500 companies through some of the biggest reputational crises of the past decade. During the conversation, Jamie and Marc explore the need, process, and tips for effective crisis communication in organizations.
Crisis communicators are partners to legal and breach counsel. The latter engages them in a tri-party agreement to protect privilege, helping them act as an interplay and an ongoing dialogue for risk mitigation.
When must an organization have a crisis or strategic communication with an expert? Jamie Singer explains that strategic communications need to start early when an organization engages with its forensics firm and insurance carrier. This is partly due to the increasing number of ransomware cases organizations face today (both internally and externally), rendering their systems inoperable for operations.
However, communicating a data privacy breach or incident with the clients or media should happen only after careful thought and investigation. Because the cyber world is fluid – information and facts change quickly. It’s possible that in the time you communicated an incident, the positions have changed and the risks mitigated; but by then, the organizational trust would have gotten in jeopardy. Organizations must be careful about the cadence and timing of reporting such incidents.
It’s all easy until the media comes into the picture. With the internet always up-to-date with the recent advancements in any space, cybersecurity traders and bloggers are also the first to break any reports of security breaches in organizations. The nature of the news, however, is often ‘report and move onto the next’, a fact that organizations can leverage. Jamie Singer explains that companies can use media to get their key messages to the key stakeholders through written statements (and not LIVE interviews as they might backfire).
What can organizations do to mitigate cyber risks and reduce cyber incidents? Work on the communications aspect – consider your communications protocol, review and improve messaging. It includes finding a way to communicate even when corporate emails are unavailable.
For more, tune in to today’s episode!
“A common pitfall we see is companies saying too much and too quickly – Crisis Management 101 – you should communicate the minute something went wrong as transparently as possible. The problem with cyber is, investigations are quite fluid, information and facts change frequently. And so the early bird doesn’t always catch the worm in these situations, if you communicate too quickly, before your systems are remediated, or before you have all the facts that can actually erode trust.”
“There’s often a lot of focus on what we say to customers and media and external stakeholders, but we continue to see the employee audience being forgotten, and they shouldn’t, because they wear two hats there, they could be impacted by the incident and they interface with customers. So they need to know what’s going on.”
“We approach media typically as a transaction, how can we use media to make sure we are continuing to reiterate our key messages to our key stakeholders, and often that can be accomplished through written statements.”
[01:55] – When must an organization have crisis communication?
[03:21] – Why you must think before communicating with the rest of the world about a potential (or observed) data security breach
[06:19] – Managing the media in the event of a cybersecurity threat
[08:02] – What can companies do to be better prepared in the event of a cyber incident?
Connect with Jamie: