The Institute for Crisis Management (ICM) has issued its annual crisis report and not surprisingly 2017 was another record year for crises in the news.
Overall, the ICM tracked 801,620 crisis news stories last year, an increase of 25 percent from 2016. It noted a portion of the increase was due to the fact they continually add new sources, which impacts its year-over-year comparisons.
According to the report, the most crisis-prone industries in 2017 were:
Among the most well-known organizations and brands that experienced crisis situations and damaged reputations last year were Fox News, Uber, Papa John’s, Volkswagen (again), Samsung, Wells Fargo, Equifax, Verizon, Google, NBC News and United Airlines.
According to the report, nearly 29 percent of all crises were the sudden type with the remaining 71 percent considered “smoldering;” a situation that starts out small, thus providing an organization with an opportunity to fix it before it gets out of control and becomes public.
The top three categories for crises stories tracked last year were:
One area of particular interest last year was cybersecurity, representing 4.47 percent of the crisis stories tracked. According to the report, there was a record number of breaches (nearly 1,600) in 2017 impacting 179 million records in the U.S. alone.
Among the organizations experiencing the largest breaches in 2017 were Equifax (which reportedly led to the theft of Social Security numbers, birth dates, and other data on almost half of the U.S. population), Verizon and FedEx (which is said to have cost the company $300 million).
We recently hosted a breakfast seminar titled, “Communicating in a Cybersecurity Crisis” featuring Jennifer Beckage, CIPP/US, a partner with the law firm Phillips Lytle LLP whose practice is focused on the nexus of cybersecurity, data breach litigation, risk management, regulatory law, and law enforcement; and our own Matt Davison, senior vice president and managing partner of Martin Davison Public Relations (MDPR).
Based on her background as a former technology business owner and extensive experience providing legal and incident response counsel to organizations that have been subject to ransomware, malware attacks, employee errors, disloyal employees, and other data security issues, Jennifer provided guidelines and suggestions for navigating the “tricky waters” associated with cybersecurity.
She cautioned that cybersecurity is an ongoing process and a team effort, as the landscape is constantly changing, as are an organization’s obligations and potential responses.
Jennifer and Matt also shared some best practices and examples for communicating a breach, including a checklist of the proactive steps an organization can take to be prepared for such a situation, including:
o Identify the crisis team
o Develop a communications chain of command for multiple scenarios
o Meet with elected officials, regulators and policy makers
o Determine your lobbying, forensic and legal firm before a crisis
o Conduct a mock crisis situation or table top exercise
o Keep the crisis team lean and empower a decision-maker
Matt also provided attendees with a handout prepared by MIT Technology Review Insights titled, “Crisis Communication After an Attack” that outlined additional steps organizations should take to activate their plan and communicate with key stakeholders in the event of a breach.
The PR team at MDPR has extensive experience in crisis communications and issues management, having provided our clients with confidential planning and counsel associated with a variety of situations.
If your organization needs assistance with reputation or issues management and crisis communications planning or media training, please contact me at firstname.lastname@example.org or 716.242.7476.