Crisis always seems to strike at the most inopportune moments. And for tech companies operating on a multimarket or global scale, there often isn’t time to effectively create bespoke messaging after a crisis has struck. But responding with speed and scale is just one piece of effective crisis communications. What should savvy companies be doing to strategically plan ahead for effective crisis communications? What are the best tactics to align internal and external stakeholders, and formulate responses that can satisfy clients, partners, and the press across multiple time zones? And what steps can be taken when a crisis strikes before a strategic plan has been put into place?
TCV principals Katja Gagen and Kunal Mehta recently brought together a team of PR and crisis experts from the TCV portfolio and beyond to discuss the best practices they use when managing a crisis. Whether the incident is a cybersecurity breach or an internal messaging catastrophe, the roundtable of comms pros from Payoneer, Spotify, TCV, and Trulioo shared their specific strategies for navigating crises before, during, and after catastrophe strikes.
Managing a Cybersecurity Incident Before Crisis Hits
As one of the leading providers of instant digital identity verification across the globe, the PR team at Trulioo has found it best to have a plan in place before a cyber crisis strikes. As the company’s PR specialist Alison Gallagher explains, “When it comes to a cybersecurity incident, it’s not really a matter of if, but when.”
To ready itself for an information security crisis that might come down the pike, the Trulioo communications team works in lockstep with other departments to create a robust incident response team that regularly assesses and reassess its plans of action before they’re needed. Below are some of the key takeaways that Lucy Screnci, a senior PR and communications manager at Trulioo, and Alison have put together for managing cybersecurity incidents.
- Create an incident response team that’s larger than just your PR team. By including experts from divisions such as information security (to assess threats and regulations on a market by market basis), IT (to advise on implementing solutions), and legal (to advise on the legal and compliance implications of potential solutions), your organization won’t lose precious time in a crisis scrambling to assemble the right stakeholders.
- Reassess and update your plans regularly. The strategic plan that your incident response team creates shouldn’t be static. Because regulations and compliance directives can change, and may vary market by market, having annual check-ins with stakeholders from the incident response team is crucial to make sure your plan is capable of meeting the moment rather than needing revamping while under attack.
- The key components of a strategic cybersecurity response plan are notification, information gathering, triage, assembly, and post-incident debriefs. When a crisis first strikes, the lead incident response team member should immediately alert the rest of the team. That allows the full team to go into information gathering mode, in order to assess the scope of the crisis and gain a full understanding into what steps need to be solved for. Once that process is complete, the response team can jointly triage the severity of the crisis – Trulioo uses a level one through three model – to determine the appropriate intervention necessary. Once a crisis has been triaged, the incident response team can go back to the strategic plan that was already in place to align around and assemble the key messages that need to be sent to external stakeholders, such as customers, partners, and the press. Once the bulk of the crisis has passed, a post-incident debrief allows the full team to ensure that all loose ends have been tied up, and to reassess what areas of improvement can be updated for future plans.
- Be direct and honest, whether speaking to customers, partners, or the press. “It’s really necessary to be direct and don’t try to avoid speaking on an incident,” says Lucy. “Getting caught not disclosing an incident can come with some grave repercussions in the form of lawsuits or fines, so it’s always best to be open and honest.”
- Navigating a Crisis When You’re in the Eye of the Storm. Payoneer is a leading global fintech company that provides cross-border payments and working capital to businesses of all sizes in nearly every country in the world. When the news came to light of a major financial fraud committed by one of Payoneer’s providers in 2020, which in turn caused major disruption to its customers, the Payoneer team began communicating frequently and through multiple channels to explain the situation and the steps being taken to remedy it. After three days during which Payoneer sent out several communications directly to customers as well as through social media, full service was resumed and shortly afterwards, Payoneer replaced this provider and upgraded this aspect of the service. Irina Marciano, director of corporate communications at Payoneer, says the team learned first-hand that it pays off to have crisis communications plans in place before crisis strikes.
- Multiple points of contact in a crisis are critical for global organizations. At Payoneer, the executive team is distributed across Asia, EMEA, and America. Between time zones and varied work weeks, it is important to ensure that there is always a specific subject matter expert available in the time frame needed to craft and approve a response. By having multiple points of expertise and contact, incident response teams can ensure that there’s always someone able to weigh in on a time sensitive statement, and a team ready to deliver the message immediately.
- Communicate effectively, and quickly. Because Payoneer is both a regulated and publicly traded company, the company always acts with care in how it communicates. The incident in 2020 drew attention to the importance of timely communication for global companies with users who are online in multiple time zones. According to Irina, “You need to say something. Make sure it’s thought out and reviewed by legal, but say something so that your customers know that you are taking this seriously and you’re doing whatever you can to resolve it. If you don’t say anything, you can be sure that rumors will fill the vacuum.”
- Create your crisis comms playbook before crisis strikes. Payoneer built out a crisis comms playbook, especially as the company more than quadrupled in size in just a few years. While many of the processes for a crisis were inherently known, by building out a formal protocol and sample messaging, the company was able to ensure that a response was ready to roll out far quicker for future crises.
Working with Global PR Teams and Global Press to Align on Messaging
When Spotify expanded its podcasting operations beyond the U.S. into more than 17 additional markets across the globe, it found it had to quickly bring both its global comms team and each of their PR agencies up to speed on the company’s corporate messaging. Because many of those teams had previously focused on music streaming, there was an influx of information to impart while also adapting it to the nuances of each market. Beejoli Shah, a former manager of global podcast communications at Spotify, walks us through ways the Spotify PR team aligned its large and disparate group of PR pros around company messaging. We also learn from Sarum PR on working with journalists in markets around the globe, to stay focused on the message while also adapting to the cultural norms and nuances of regional press corps.
- Create a master messaging library with approved external statements. Because crises can strike in any time zone, Spotify assembled a master messaging library of statements that it had previously used when speaking with the press. The document was updated regularly by PR leads across various business units, so that PR leads in the markets and their respective agency partners always had a set of topline messaging at hand, as well as an accurate register of statements that had been provided to press in the past. Even though PR teams were dealing with reporters in their own markets, having a global library ensured that no matter who was responding to a journalist, the company’s message was uniform across markets and across incidents. Beejoli says that the benefits of the master messaging document were two-fold. Not only did it allow for global teams to make sure they had topline messaging at hand, but it also helped PR team members across time zones and agencies know what had been said previously. “There’s always going to be one reporter who says, ‘Well, you said this last time,’ and having a library helps protect you for those moments.”
- Update global teams and agency partners regularly on company goals and topline messaging. Once a year, Spotify would host a summit for its agency partners across the globe. Because podcasting was a newer initiative, the podcast PR team held a separate summit annually where the different business units involved in podcasting were able to elucidate key priorities, topline messaging, and share proactive and reactive comms plans that had worked in the past. Doing so helped create a shared language across markets for Spotify’s podcasting efforts, and established a knowledge base of PR strategies on a global scale. By including links to relevant documents, including previous comms plans, and the master messaging library, Spotify’s agencies across the globe were able to stay aligned on messaging no matter the topic.
- Use your local agencies to respond to crises. While having a unified messaging strategy is critical, journalists will often reach out to anyone they can get a hold of, especially across markets. As Carina Birt from Sarum PR explains, in certain markets reporters can even be particular about wanting to speak to a representative in-market. “We’ve seen that European reporters tend to be more particular about speaking from a European context, and it’s not very effective to have them speak to someone from the US.” To plan for these nuances, having regional spokespeople ready to be deployed in a crisis can be key to maintaining unified messaging across markets.