A blink of the FBI

“they blew their reputation
for a few measly bucks”

“People in the US must have felt really badly let down by the FBI. It was national scandal. They’re looked on as the very model of modern crime busting and have security and probity at its heart yet they badly let us down that day.”  So says the well-connected reputation expert Gary Monk of the FBI’s rank stupidity in not realising that its own National Infrastructure Protection Center (NIPC) effectively then the bloodhound of cyber-crime, was under attack by a virus and then passed it on to thousands of other users.

The fact that the NIPC managed to dent the FBI’s ability to detect cyber-crime by passing on the Sircam virus was a disaster waiting to happen, according to Monk. “All the FBI had to do was to install effective antivirus software on its computers. It was that easy and they blew their reputation for a few measly bucks.” The difference between a drama and a crisis is down to good management – or more specifically, good communication.

“In the minutes and hours following a potential business crisis, how you communicate with shareholders, other business partners, employees and the media is critical,” adds Monk. “Get it right and the crisis may even strengthen your corporate reputation. Get it wrong and you can imagine the consequences.”

The ultimate test of any organisation’s communications skill is how it deals with a corporate or organisational crisis. And as the FBI mess shows, even the most competent institutions can face humiliation. It’s not difficult to see why. With universal access to information via the internet, attacks on corporate reputations can come from the most unexpected quarters and rapidly escalate. It does not take an aircraft crash or a product recall to create a reputation crisis, one that begins to spiral out of control, seriously threatening a company’s revenue stream or ability to operate and doing extensive damage to a business.

Boo, Who?

“A crisis is a great educator for everyone. No matter how learned and experienced the people regard themselves, and a corporate crisis has a nasty habit of producing the unexpected,” says John Meachan, a former IT adviser to the achingly fashionable online clothing store Boo.com which crashed and burnt in the heady dot com days of the early 1990s owing its creditors a mere $400 million.

“Boo.com badly mishandled the media so everyone in the media gave it a good old kicking when the company found itself in trouble. It didn”t help that our website was very slow loading and had poor usability. That rattled a lot of people but we ignored it. In a very short time we had a legion of disgruntled customers and in a frighteningly short time, the company was facing oblivion.”

If Boo.com existed in the same format today says Meachan its demise could have been stopped by managing communications better and looking for obvious trip-ups such as ignoring the media.

“A crisis is a great
educator for everyone.”

“I learnt the hard way that the art of crisis management is to think forwards and aim to stay ahead of the media, anticipate negative coverage and take steps to mitigate reputation damage. There’s no better learning vehicle than to observe and learn from the actions of others. That’s because it’s much harder to see things objectively when they happen within your own organisation. It pays to be honest about facts that might emerge at some future stage, and to have prepared responses for any anticipated speculation or spin by other stakeholders.”

“In Boo”s case we tackled the apparent trigger of the crisis rather than identifying and addressing the actual cause which was our communications style, rather than the soundness of our product which was good. So the more we argued, the worse the crisis became. Eventually we lost out and imploded,” Meachan concludes

Attacking a Reputation

Now that the the web has reduced from days to minutes the time in which a reputation can be attacked on a global scale, companies must face the fact that the public is deeply cynical about the motives of organisations that wriggle and squirm in an attempt to protect their brand.

“There’s been an increasing drop in corporate and government trust and at the same time an increase in the corrosive effect of cynicism,” says Mike Davies, head of international issues and crisis management at Edelman, the US-based corporate communications consultancy. Davies believes this cynicism makes it harder for companies battling through a product recall or a lost data disaster for example to persuade public, investors and media they are doing the right thing. All the more reason to ensure mechanisms are in place to avert a crisis or, once an event has happened, to minimise the havoc it can wreak on a corporation’s reputation, he maintains.

“Early detection is crucial. Looking at the smallest events – such as customer complaints – as potential risks can ensure a problem does not escalate. into something more serious.”

“The big problems all staff face,
particularly those in IT, is making
 sure that systems are not breaking
 down and servers can cope with a
possible massive surge in traffic”

This includes measures such as training key identified staffs on how to handle difficult queries especially from the media as journalists tend to not go through the proper channels if there”s a crisis brewing. “In the past, reputation risk or reputation as a whole has fallen between corporate communications and risk management,” says Peter Cutlip, a freelance corporate reputation lawyer. The idea is to try and bridge that gap. “The big problems all staff face, particularly those in IT, is making sure that systems are not breaking down and servers can cope with a possible massive surge in traffic. If the simple things fall down idle gossip can start to pollute the brand and that is when reputation starts to fall.”

When the Ratner hits the Fan.

“Aren”t you
making fun
of your customers?”

No amount of early detection, however, can prevent brands being damaged by unforeseen events such as that which happened to Gerald Ratner when he delivered his infamous “crap” speech. It was something that cost him a £650,000 salary, £500m wiped off the value of his company and £1bn in lost sales. That was the monetary cost. There was also seeing the brand his father started in 1949 erased in a few days – and the knowledge that his name would for ever be associated with the word “crap”. Ratner became chief executive of the family business of the same name in 1984 and by 1990 it had annual sales of £1.2 billion and profits of £121 million.

But the following year, the business literally collapsed overnight after he had given a talk to the Institute of Directors saying he could make good profits from “luxury” items such as a sherry decanter and six glasses because the quality was “crap.”

The remark would have passed un-noticed if a journalist from the Daily Mirror, a mass market national newspaper had not asked him: “Aren”t you making fun of your customers?”

When he got into his car the next morning, his driver handed him the newspapers. The Mirror”s front page carried the headline: “You 22-carat gold mugs.” Sales dried up. The shares plunged. At the City”s urging, Mr Ratner appointed a new chairman, who eventually threw him out.

In Ratner”s case, the cost to his company extended far beyond his own job; once lost, a corporate reputation is hard to rebuild. After his spectacular downfall Gerald Ratner spent seven years sitting on his sofa watching daytime TV and going cycling all day, every day, to keep himself sane. But he”s done fine since. He borrowed money, bought a health club for £650,000 and sold it three years later for £3.9 million. He now drives a Bentley Continental GT and is still in demand for after dinner speaking.

“I am in demand to make speeches, but you can take my tips with a pinch of salt,” he says.

The Golden Hours

As Ratner discovered companies cannot afford to wait before putting a crisis plan into action.

“You have to be prepared to communicate before you have all the facts,” says Mike Davies, “because the public and media’s need for information outstrips the available data. That creates an information vacuum and into that flows speculation and alarm.”

Often cited as an example of how a speedy response can avert a reputation crisis is the 1989 Kegworth air disaster in which a British Midland Airways jet crashed near the UK’s East Midlands airport. In a series of TV and radio interviews, Sir Michael Bishop, the airline’s chief executive, immediately addressed the scale of the disaster and answered questions from the public and investors.

To prepare companies for managing “the golden hours” – the crucial first few hours after a crisis has hit – public relations consultancies, run extensive crisis simulations. Participants play everything from members of the public who have been affected by the mock event to journalists asking difficult questions of senior management.

Ian Mitchell, a former communications adviser to several large corporations and now a freelance PR consultant says the real skill in crisis management is maximising the value of every asset at your fingertips, whether people, information or systems. “By crisis I don’t mean emergencies or even major IT failures. I’m referring to events that spiral out of control, that can overwhelm management and threaten the very existence of a company. These require strategic thinking, good logical analysis and imaginative solutions. They demands a broad, objective perspective That’s different from the one inherited from your day job. It also requires very good teamwork.”

“it’s the reality of the modern business which often has outsourcing, complex supply chains and virtual team working. Crisis simulations are essentially opportunities to come to terms with a company’s limitations and realise what skills and objectivity it might lack so we managers can develop the best strategies and solutions if the worst happens – it really could be the difference between sinking and swimming following a real business crisis,” says Mitchell.

Maxx Damage

It’s a message that TJ Maxx could learn from after the US retailer told the media it had information stolen from at least 45.7 million payment cards used by customers last year. The company had data accessed on TJX’s systems in Watford, Hertfordshire, and Massachusetts over a 16-month period from July 2005 and covers transactions made by credit and debit card dating as far back as December 2002.

It was, according to Sandra Quinn from the Association of Payment Clearing Services (Apacs) the largest compromise of security on a scale not seen before. Yet a few days later a group of banks began to claim that a staggering 94 million accounts – almost twice the T J Maxx estimate – had been affected in the theft of personal data. The fact that T J Maxx had put a relatively low number on the number of accounts hackers managed to access generated a new wave of damaging publicity, despite the fact that the company seemed to have successfully drawn a line under the incident without suffering any serious impact on sales.

“The key learning point is that, when in a crisis, avoid leaving room for future, sensational claims or speculation that might undermine your hard work in rebuilding your reputation.” advises Ian Mitchell: “In particular, pay attention to digging holes for yourself: don’t! Reputation has always been recognised as an important asset, but what even CEOs of global brands don’t understand is that if the company’s technology is knocked sideways, and in some cases destroyed, so can the brand be. it’s important that CIOs or CTOs inform the business head or the board of that,” adds Mitchell. Most important, he says, is commitment at board level to protecting a reputation. “If the company you are employed by, or own, or are advising is upfront to all of its internal and external audiences then people will be easier to influence, ” he says.

“The most natural reaction in a crisis is to wait until everything has been sorted out before communicating properly. In fact the opposite tactic is the best option, although the greatest mistake is disseminating information that has only been half thought through,” Mitchell concludes.

Final checklist

• Get ahead of the situation and stay there
• Explore all areas of vulnerability – especially web-sites, internal email and databases
• Put in place damage limitation procedures
• Agree in advance all internal & external communications systems
• Do not declare a crisis unnecessarily
• Always practice worse-case scenarios
• Prepare background information (including key biographies) for instant release.