Not just at Xmas

Black Friday may be a bonanza for retailers in revenue terms but it also represents a key risk day for them and their customers, in the guise of the heightened threat of a cyber-attack, according to the consultancy ThreatMetrix. It has warned that online criminals will be super-active over the festive period, starting from today and is predicting hacks will double this year compared to the data-breach levels it measured last year.

Of course, data-breach causes crisis for a company whatever the time of the year. The IT and reputational challenges are considerable. But now in the wake of Ashley Madison and Talk-Talk, victim companies are likely to be more in the spotlight than ever as the media look for further examples of data-hacking and to assess how the company concerned is handling their crisis.

There are various PR lessons to be learned from recent high-profile cyber-events which we summarise here:

  1. Dont speculate on the perpetrator:  it’s fine to say the police or NCA are investigating so it would be inappropriate to comment.
  2. Don’t overplay the victim card: customers will have little sympathy that IT systems weren’t robust enough to keep hackers out.
  3. Do be clear, honest and transparent on the data accessed and the implications – identity only, bank details, photos or whatever. Trying to hide the true extent will only come back to bite you. However it may be possible to take some heat out of the problem, if you can relativise it or talk of active customers or whatever.
  4. Do give logical advice and assistance about password changes required.
  5. Do try to communicate with customers directly and not just through the media – post FAQs on your website, have extra phonelines manned 24/7, respond rapidly to tweets and social media posts. A customer back-lash on twitter for example can fast become a traditional media story the next day if not swiftly dealt with.
  6. Do judge when the CEO should front-up to media enquiries to show you are taking the issue seriously.
  7. Do apologise to customers: don’t let the lawyers talk you out of that one, regardless of the class action lawsuits in the wings. You can ask for patience and understanding in the eye of the storm as you fix things but sorry is important to say.
  8. Don’t be afraid to be transparent about some of the IT fixes being put in place. It can hopefully be done without opening the company to further risk. However the tech and financial community will judge you wisely if you are investing in the right upgrade.
  9. Do offer customers compensation of some kind after the event: this can go a long way to take any bad taste away for the fact their data has been stolen, even if the threat was notional and not in fact hugely impactful.
  10. Do be prepared to talk about your experience after the event. For customers and stakeholders to know you have learnt from the experience can be hugely reassuring and it helps draw a line in the sand to be able to move on.

Bell Yard has worked on various breach situations both in the background giving objective advice away from the fray, and in the front-line handling media on a client’s behalf. The crisis typically lasts 3-5 days and then the calm comes…until any fine from the ICO resurrects the issue.


26 November 2015

Litigation PR

Litigation PR
Babar Ahmad Babar Ahmad was arrested in London on 5 August 2004 following an extradition request from the US on allegations of terrorism, by dint o...
Litigation PR
U.S. copyrights dispute Bell Yard has assisted members of an iconic British band from the 80s, seeking to take advantage of US statute which allows for the rev...
View more Ligitation PR Case Sudies


Reputation Management
Separating personal from professional Bell Yard’s advice was sought in respect of handling media enquiries into the extra-curricular activities of a member of Chambers, wi...
Reputation Management
Employment dispute Bell Yard advised a UK set on the preparation of appropriate reactive public engagement, drafting internal and potential external commu...
View more Reputation Management Case Sudies


NatWest Three Bell Yard advised three former NatWest executives who faced extradition to the US, in both their Judicial Review of the decision of the...
Chris Tappin Bell Yard assisted Chris Tappin and his family in attracting media interest in the absurdity of his extradition to the US. After his ap...
View more Campaign Case Sudies

Contact us

Bell Yard Communications Limited
21 Fleet Street

Sw: +44 (0) 20 7936 2021

M: Melanie Riley, Director: +44 (0) 7775 591244