When Worlds Collide: IT Experts vs PR Professionals
Data breaches and cyber-attacks are two of the biggest reputational risks facing organisations today. This was emphasised by The Chancellor’s announcement last week that the Government is investing £1.9billion in cyber defences. Responding to these incidents means IT and Communications teams must work together closely to ensure the operational response to a cyber threat is supported by a strong communications strategy. How successfully the technical specialists and PRs work together can determine whether a business suffers long term reputational damage or quickly recovers from short-term criticism.
An effective relationship between these two groups must acknowledge that they have different areas of expertise and varied interests. They probably operate within different cultural environments and aren’t familiar with each other’s terminology. So how can they overcome these challenges to ensure that businesses are protected against reputational risks related to cyber security?
In my experience, a successful partnership between IT experts and PR professionals depends on three key factors:
- Collaboration ahead of the crisis
- Understanding each other’s priorities
- Transparency in the heat of the moment
Collaboration ahead of the crisis
Planning ahead of the incident is essential for success. Organisations should prepare for cyber-risks by assessing their technical vulnerabilities and creating crisis communications plans which establish processes, assign responsibilities and develop messaging.
This means the PR and IT teams should be working together long before any incident. Ideally they will partner to run a crisis simulation which gives senior executives the opportunity to test plans in a realistic scenario. The two teams should then work together to evaluate the business’ performance during the simulation and key learnings should be used to refine plans.
Understanding each other’s priorities
When responding to an information security incident, the key priority for the communications team is speed. PR experts are often in a race to break the story themselves or are rushing to inform internal stakeholders before they read about it in the press. This is because being the first actor to communicate the issue allows us to control the narrative.
The emphasis on speed means that the PR team requires technical experts to quickly provide an assessment of the situation and answer basic questions like: what type of data is affected, how did this happen and what are we doing to resolve the situation? Speed will become even more crucial over the next couple of years as the European General Data Protection Regulation comes into effect in 2018 and will force organisations to report a data breach within 72 hours.
However, IT response teams often have different priorities. Their immediate concern is making sure the systems are now secure by taking urgent action to repair the vulnerability, for example removing malware. Once this is complete, they begin a forensic investigation - which can take weeks - to confirm exactly what data was accessed and how it happened.
This means PR and IT teams must find a compromise so the business can promptly make a public statement which gives an indication of the scope of the incident, without speculating or giving information which may be contradicted later. If the two teams work together closely and appreciate the different pressures they are under, they can meet this challenge by wording statements carefully based on the limited information available. For example, explaining that there is currently no evidence to suggest that a certain type of data is affected, without completely ruling out the possibility.
Transparency in the heat of the moment
From a reputational perspective, the most important thing the technical experts can do is alert the communications team to the incident as early as possible. As soon as they know about the incident, the PR team can begin to develop a robust strategy to defend the organisation’s position.
This means we need to challenge the misconception that involving the PR team automatically escalates an issue to the status of a crisis. It’s also important that the IT team understands that they can be completely honest with their PR colleagues and that they must trust them to handle the matter sensitively and confidentially. Of course this trust is more likely to exist if the two teams have already worked together ahead of the crisis.
It’s not all bad news
Although data breaches and cyber-attacks pose huge reputational risks for organisations, they also provide an opportunity. They encourage IT and PR professionals to form strong working relationships which respect each other’s expertise and acknowledge differing priorities.
In today’s world the public understands that organisations are constantly under attack by ever more sophisticated actors. Consequently businesses are increasingly judged not simply for the fact they have been breached but, more importantly, for the way they respond to the incident.
This means that when IT and communications professionals work together to provide a robust response, the organisation has the opportunity to win the trust and respect of their audiences.
By Jennifer Giff, Consultant, Issues + Crisis Management