Shirbit's crisis is a reminder for organizations of the importance of transparency and honesty
"The rules of the game have changed dramatically over the past decade. This is a lesson learned by companies that tried to hide information, faults and unfit products," writes Meital Levi Tal
The unprecedented cyberattack on Shirbit, an Israeli insurance company made headlines across all local media outlets. Usually news about cyberattacks are buried in the technology sections, unless it involves substantial financial damage or involves an attack between enemy nations, but this hack made it to morning shows and prime time programming, which means that someone must have been doing a good job.
This time the winning prize was awarded to the hackers. As the crisis began, they created a Telegram group, which was open to the public, where they kept embarrassing the company. There was no need to search for sources, filter through documents, or search the Darknet – everything was out in the open for everyone to see. It seems the hackers had learned a thing or two about how to manage their campaign in public.
The rules of the game have changed dramatically over the past decade. This is a lesson learned by companies that tried to hide information, faults and unfit products (such as, the cyberattack on Leumi Bank six years ago, Telma's contaminated cornflakes, and more). Shirbit's crisis is not over yet, and they still have a difficult task ahead of them in restoring their image among their clients. But what have we learned from this?
- Transparency with consumers – It is true that companies usually do not admit to such attacks. Most will likely deny it completely. But a company that deals directly with consumers is not the same as a B2B company that provides services to other businesses. In the old days, before Facebook, WhatsApp, and Telegram, it was possible to conceal information. Scandals in big companies were buried under "huge intermediary filters" that created a gap between the company and the public. This is not the case anymore. Companies need to take responsibility for their scandals, they must communicate with their public on an "eye to eye" level. They must explain the situation and deal with them personally – even if this requires large investments. Never wait for the customers to find out that they are involved in a crisis from the media or from their friends. Take the initiative and let them know yourself.
- Create a real dialog with the media – Do not hide, lie, or dismiss information. A crisis such as a cyberattack, can happen to anyone. With enough motivation and will, any company can find itself under such an attack. Recruit the journalists by giving them information and by collaborating with them. You will likely find a sympathetic ear – but for this to happen you should not issue statements that throw the responsibility onto someone else and tries to belittle the event. Create a concrete and honest dialog with the journalists based on reliable information. This is the first step to minimize the damage.
- Multi-channel crisis management – Deal with the crisis through all your digital assets, not just through the journalists. Most companies have their own Facebook page. These pages are usually dormant and marketing managers around the world invest much thought on how to make them more engaging to clients. When a crisis begins you can be sure that the consumers that are hurt by it, will visit this page, and not only them. Use these pages to create an active dialog with your clients. Yes, it could be unpleasant because the hand is light on the keyboard, but so what. Answer the users' questions, create an informative FAQ page that can let anyone who visits the page understand where the company stands in handling the crisis.
- Select a single spokesperson from within the organization and put him/her at the front - Many of the companies that have found themselves in a crisis send a spokesperson to the media. I think this is a mistake. Affected consumers expect to see a senior executive from within the company who will answer questions. The rule is simple. If you are hiding – this is a sign that you have something to hide. In such cases, a company director should present himself/herself to the media with a clear and reassuring message to consumers: We take responsibility and are dealing with it day and night so that you, the consumer, will not be harmed. It is not certain that customers will not leave, but the management's courage to stand up in front of their customers will provide more reassurance and confidence.
In conclusion, an attack of the kind directed at Shirbit is a vicious attack. It is very difficult to defeat such an attack in the public consciousness when on the other side there is a "ghost", an anonymous entity, who has deliberately become an agent of chaos whose purpose is to deeply harm the company through its customers. But precisely in such a deep crisis, one must remember that the best lie is the truth.
Meital Levi Tal is a PR and Employer Branding expert for the tech industry and co-founder at PR firm Extra Mind