Your inbox is exploding, your engineering team is running around like their hair is on fire and your marketing team is brewing their eighth cup of coffee today. You might have found yourself in the middle of a crisis.
Good thing you’re prepared for this. You can just pull out your crisis communications plan and follow the processes you’ve already put in place. Planning ahead of time makes these situations, as stressful as they are, go a lot more smoothly.
We’ve put together the most complete resource you can possibly find on how to prepare and execute your crisis plan. If you work with customers, you’ll find everything you need to make sure your next crisis goes much better than the last one.
I’ve always hated paying for travel insurance. Paying for something that you hope you never have to use seems counter-intuitive and wasteful. But actually, I only hated paying for insurance until that one time that I fell down a ski hill and needed to go to the hospital in a foreign country. And then I was incredibly relieved that I had a plan in place and was prepared for the worst. My leg was still broken, but at least I wasn’t left with a huge medical bill on top of it.
Creating a crisis plan for your company is similar to insurance. You hope you never need to use it, and putting it together seems like a hassle you don’t need. Surely there are other things to spend your valuable time on (like trying to prevent the crisis in the first place!)
But the unfortunate truth is that Shit Happens. No matter how thorough your QA is, no matter how careful your marketing team is, how consistent your customer service is — catastrophe can strike at any time. Len Markidan wraps it up succinctly on the Groove blog:
“You never want bad things to happen to your business, but the reality is that nobody is immune to catastrophe.”
A crisis can be anything that causes disruption to a lot of customers, or a serious threat to your company’s well being. It might be technical, or it might be reputation related. For example, common crises include:
The important thing to remember is that you can not prevent every crisis — often it’s out of your hands. Instead of trying to control everything, focus on what you can do: respond in a confident, well-prepared way that keeps your customers' trust, even when things have gone wrong.
If you’re reading this guide, you probably already agree that a crisis plan is important. Perhaps you’ve already had an incident that didn’t go so well and are looking to do better on the next one. Regardless of how well you’ve planned in the past, this guide will make sure you leave no stone unturned the next time something goes wrong. At the end of reading this guide, you’ll be better equipped than ever to communicate with your customers, collaborate internally and weather the storm of any serious crisis.
When things go wrong, really wrong, the most important goal is to contain the damage. Crises tend to cause customers to leave, negative reviews to spread and can severely damage your company’s reputation. If handled properly, a crisis might even win you new fans who are impressed with your response.
A great crisis communication plan accomplishes 5 things:
In this guide, we’ll go over the different points of a crisis (identifying a crisis, acting during the incident and the post-mortem) and what you need to prepare to deal with each stage effectively. We’ll also break down examples of great real-life crisis management situations and one that didn’t go as well as it could have.
You can’t plan when a crisis strikes, so it’s important to always be ready to deal with one. When a crisis is brewing, acting quickly can be your best defense.
There are several ways that you can monitor your environment to identify a crisis. If you work in technology, development teams can use a variety of plug and play monitoring systems to identify spikes in response times, complete outages and increasing error rates, such as:
These tools automatically check your system and alert the right teams when something seems off. This helps your company be the first to know if your system isn’t working properly and start communicating with customers proactively rather than scrambling to keep up.
Besides monitoring your own system performance, there are a few other things to keep an eye on to get a jump on a new crisis. For example:
There’s an old saying in public relations: “control the narrative, control the world.” If you discover a crisis before the customers do, you can be more proactive in shaping the messaging. For PR issues, and security breaches this is critical because getting the right information out early will drastically improve the public response to the issue. For technical issues, being ahead of customers means that your engineering team has more time to resolve the issue without affecting customers.
Being ahead of the game is also more efficient for customer support. If you post publicly that you’re working on an issue, customers will see that you’re working on it and not need to submit a support ticket or start a chat to find out more. Customers are instantly put at ease when they know you’re on top of the issue. When writing into customer support it’s much more comforting for a customer to be told that the company already knows about the issue, and it’s on the way to being fixed. When a customer has to go through the troubleshooting stages about a mystery, it’s not only a big hassle but it also diminishes their faith in your ability to resolve the issue quickly.
Once you’ve identified a potential crisis looming, it’s time to start notifying everyone who needs to know. For each type of crisis, the most urgent person to alert will change. However, the first points of escalation should almost always be the person who will fix the issue and the person who will craft the public messaging.
Technical escalations are simple if you work in a small office and the issue occurs during business hours. You can just yell at the next desk over. It gets more complicated if the team is bigger, the right person doesn’t sit next to you, or if they are asleep. In this case, setting up escalation tools like PagerDuty or OpsGenie will help make sure that the right person is notified. If you don’t want to use these tools, create a copy of a phone tree with cell phone numbers for everyone who should be called, in the order they should be called in.
Depending on your company structure and the type of issue, it will depend on who needs to be involved in communicating the issue externally. Decide who needs to be contacted for each type of issue and include that in your crisis communication plan. Some people that you might want to consider including in your escalation path is the:
Once you’ve got everything rolling along on the fix and the customer communication it’s time to circulate the information more widely. It’s important that everyone in the company understand at least as much as customers do because they might get asked questions about it. For example, salespeople need to know about downtime before they jump on an upcoming live demo. Marketing needs to know about issues so they can pause upcoming email newsletters.
At this point, it might make sense to set up a way for everyone in the company to work together and coordinate (more on that later). LiveAgent and Groove both suggest setting up a Slack channel dedicated to the specific crisis for coordination, but some teams might use an email thread or set up a conference room in the office for everyone to be together.
Crises are often chaotic. Without having clear accountability around who does what, things can easily drop through the cracks — which is the last thing you want. Part of your crisis preparedness plan should definitely include a list of responsibilities that need to be taken care of. When a crisis arises, start by assigning roles out to everyone who is available.
The most important tasks to get covered are:
For those who aren’t directly given a responsibility during the crisis, they might support others in their roles or just carry on with the day to day work. A crisis shouldn’t derail your entire company — customers still need to be responded to.
When everything gets crazy, it can be difficult to stay on task. But managing a crisis requires staying cool under pressure, communicating effectively with both your customers and your teammates. Read on to find out how your team can have the best chance of getting through your crisis efficiently.
“Good crisis response happens long before a disaster; there’s no time for planning after a crisis, only
The way you talk with your customers during a crisis can make a big difference in how your customers perceive your competence at handling issues. Staying quiet, being vague or overpromising instant resolutions will make customers even more upset about the issue.
Rather than keeping customers guessing about the situation and assuming the worst, be specific and clear about what is going on. Instead of saying “we apologize for any inconvenience” say “Users on Pod 32 are seeing slowness when loading the dashboard and our engineering team is investigating.” That way, if customers are seeing something different than the specific issues you’re communicating, they can still get in touch.
For ongoing issues that haven’t yet been resolved, it’s important to keep updating customers at regular intervals, even if nothing has changed. This can make providing helpful updates difficult, so try and focus on anything new you might have learned or what your engineers have eliminated as potential causes. For example:
“We’re still seeing issues with sending messages through the app, but our engineering team has isolated the issue and are rebooting the servers. Stay tuned for more
SorryApp suggests that the frequency of status updates depends on the length of the issue, but could be anywhere from 10 minutes to an hour.
“The regularity of content will likely vary depending on the scale of the event. If you’re likely to be down all day then every 15 minutes is probably a little excessive and tiresome; but if you’re only likely to be down for 30 minutes or an hour, updates every 10 to 15 minutes would
Apologizing when something goes wrong is more effective than refunds or credits:
“The Carey School of Business found that only 37% of upset customers were satisfied when offered something in return for the issue. However, if the business said sorry on top of the credit, satisfaction increased
But saying sorry the right way is important too. It needs to be genuine and offer a resolution forward. Here are a couple examples of good apologies:
“We know you expect us to provide a consistent experience and we didn’t do that this time. We’re sorry for any trouble this caused you today, and we’ve committed to scaling up our servers to better handle this issue going
“We messed up. We’re learning as we go, and this issue wasn’t something that we anticipated and we’re sorry to anyone that this decision impacted. To help us avoid such issues in the future, we’ve brought on a HR consultant to serve on our executive team until we can find a permanent team
As SorryApp explains, it’s important to tell the customer how this update affects them using simple terms. Does this put their security in danger? Do they need to take any action? Will data collection be affected? Provide any workarounds that customers can use while they are waiting for the issue to be resolved. Any information you can give to make the issue less of a hassle for the customers is good to include in your communications.
Just because things are going wrong you shouldn’t completely abandon your company brand and voice. Staying true to who you are will help customers trust your messaging. This is equally true if you’re normally professional or normally more casual. Switching your tone and voice confuses customers. Something that can help keep your message consistent is to use the same communication across multiple channels. Write once, but then share everywhere. It’s effective and it prevents miscommunication.
There are several ways to keep your customers up to date, including emails, social media, status page, live chat, push notifications or a blog post. The best method will depend on how serious the issue is, how many people are affected, the type of customers you have and how long the issue is going on for.
Notifying big segments of your customer base.
Individual issues, non-critical issues, constant updates
When you want to notify a large percentage of your customer base about an issue, email notifications are a simple way to get a lot of information in front of them. Most people will read urgent emails, so you can be sure your message will get read. This notification method doesn’t depend on customers seeking the information from you, it delivers it to them. However, this also means it can be a bit annoying if you’re sending out irrelevant or overly frequent notifications. Someone who doesn’t check their email often might log in to their inbox and see five messages from your team, but never even have known about the issue. Be selective in how frequently you send messages and segment as often as possible — for example, only sending to customers who have logged into the specific product with an issue in the last 3 months.
You can also create an emergency mailing list for specific customers who want more frequent notifications through email. Some status pages will have a subscribe option which works similarly to an email mailing list.
Public updates for ongoing issues, keeping tech-savvy customers up to date.
Customers that may not have social media or urgent issues that customers really need to know about.
Social media is a low-stress way to keep customers up to date with ongoing issues. Because customers need to check your feed to get the update, it’s not as intrusive as other forms of communication. However, it is very public, so keeping the right tone with every update is crucial to avoid making the crisis even bigger. If you say anything that minimizes the issue (like inappropriate humor over a serious situation) or gives consistently unhelpful answers (like “we’re sorry for the inconvenience” every 15 minutes for 6 hours) your customers are going to get publicly upset. Even people who don’t use your product or service might jump on the bandwagon and start pestering you on social media about your bad responses. This is a two way street though — if you provide great, transparent, helpful messages, you might even gain a few new fans who see how you interact with your customers.
But something to keep in mind: if you have an important update to communicate with every customer — such as a security issue — posting on social media isn’t enough. The update might come and go on their feed and not every customer will have a Twitter or Facebook account. In this case, using a push notification or email would be a better option.
Ongoing detailed updates that customers can subscribe to, including automatic status updates from monitoring tools.
Nothing really, status pages are great when used properly!
I can’t think of a single downside to having a status page available to your customers. If you’re posting consistently and providing helpful information, status pages help customers manage the amount of information they get from you. They can subscribe to specific updates through either email or Slack and they know exactly where to check first when they notice something not working correctly.
Status pages are the backbone for modern technological crisis management. Because of this, we’re going to spend a little more time talking about setting one up here. As the CEO of Ramen says: all SaaS companies should have a status page. It’s pretty helpful for pretty much any online company though. It’s low-effort to put one up, and extremely beneficial to your customers when something goes wrong. There are a ton of benefits to having a status page up, including:
Free tools: If budget is a concern for you, you can try and duct tape a status page together on one of these platforms. But beware: you get what you pay for. They don’t have all the features that the premium pages come with, and if you’re hosting them on your own server, they could potentially go down along with the rest of your website. Not ideal. Besides, the amount of time you spend creating the status page with one of these free tools might be more costly than the monthly fee for one of the good products. Your choice!
Premium tools: The tools that come with a price are easy to set up, require minimal development resources and do the job they were designed to do. In fact, a good status page can even make you better at crisis management.
Setting up your first status page is fairly straightforward, although the set-up process can differ depending on the tool you use. Generally, here are the steps to consider as you set up your status page:
On-site updates for your customers, and providing an easy way for customers to communicate and ask additional questions.
Times when you don’t have enough people available to keep answering customers.
To be totally honest, if we have an (extremely rare) outage at Chatra, it often involves issues with our own chat product. However, if live chat is still working, we support customers the same way we would through email. We apologize for the situation, let them know that we’re working on it and answer any additional questions they might have. When everything is back to normal, we send them another message with information on what happened and what we’re doing to prevent it from happening again in the future.
Updating a large number of customers about a critical issue that doesn’t require a lot of information.
Continuous updates, nuanced updates or information every customer doesn’t need to know.
For critical issues that might dramatically impact your customers life or workflow, push notifications make sure they get the information they need to act fast. For example, banking or financial apps can send out push notifications when card payments are failing. The biggest issue with push notifications might be if they are built on top of the same platform that is failing. You might not be able to rely on the notifications going out as expected!
Transferwise does a great job of notifying customers of potential issues with their card through push notifications, like this emergency maintenance notification. It’s clear and helpful.
Bulk updating customers that have reported the issue or asked about ongoing issues.
Specific crises that are unique to each user.
When customers report issues through live chat or email, it’s important to close the loop and keep updating them with any new information. If you tag your customer support tickets, most helpdesks will offer the opportunity to bulk update a selection of tickets. This is an easy way to get back to customers who have already encountered the problem.
Regular updates can be anywhere from every 15 minutes to every few hours, depending on the length of the event and how much new information you have. Don’t forget to share the good news when everything is resolved!
Long form conclusions on critical issues, PR crises or a live-stream of what’s going on..
Niche issues that aren’t applicable to all users.
A blog post is one of the easiest ways to share a lot of information in an easy to share place. Because it’s searchable and linkable, customers can find the information when they need it. You can be as detailed or as brief as you need to be. In 2013, Buffer (a popular social media publishing platform) appeared to be hacked and users were reporting seeing spam messages going out on their accounts. Throughout the incident Buffer published ongoing updates into what they had found out, what their engineers had tried to stop the messages and what users could expect in the future. After the issue was resolved they added their post mortem as well.
But look at the bottom of the post: they have over 500 comments of customers thanking them for the updates, and rooting them on. Considering the service was hacked and down for over a day, it’s a pretty impressive response from customers!
There are several super common ways that teams can make mistakes during a crisis — especially during their first few. There are a lot of things to think about, and things slip through the cracks. Here are a few things to think about, that are likely to go wrong at least once:
If you work in customer support, it’s unlikely that you’ll be directly involved in resolving the issue. However — you can still be helpful in communicating information internally and making sure that the fixers have all the information they need to do their job.
Learn how the fixers (whether it’s technical or marketing related) want to receive new information. Are they looking for more examples of customers affected? What additional information would help with the investigation? Pass on information in a way that’s helpful to the team who needs it. That might mean structuring feedback with specific ticket numbers or only sending an email once an hour. Without structure, new information might get lost or overwhelm the team that is trying to triage the information.
Along the same line, it’s important to avoid side communication between teams. Appoint one person to be the go-between so that rumours and mis-information doesn’t get spread. For example, if one developer is talking to their friend in marketing and saying that everything is looking good and that marketer goes back to the team and says “everything looks good!” — how is that information verified before it goes out to customers? While it can be difficult to limit these “side of the desk” conversations, it’s critical to control the flow of information during a crisis.
Make sure customer support is in the room where the important conversations are happening. That might be physically picking up your computer and moving to the developer’s office, or it might be joining the crisis communication Slack room. Being in the right place will make sure you know the answers to what customers are asking — and you can advocate for what customers need.
Finally, be kind to each other as you’re communicating. As the stress levels rise it can be tempting to become short with other people, speak harshly or cast blame for things that go wrong. But remember, everyone is doing their best and it’s important to assume positive intent. No one wants customers to be frustrated or for the company to suffer.
At the end of the day, you’re a team. You’ll get through this a lot more effectively if you’re all on the same side.
Stress is a normal part of crises. It might feel like everything is falling apart, that there is too much to do and nothing is going well. Stress can help you focus and act quickly — but too much stress can make it difficult to think clearly, make rational decisions and perform to your best. In a crisis, it’s important to manage stress. Not only just for you — but for your team as well.
According to Forbes: “40% of adults say they lie awake at night plagued by the stressful events of the day.”
It’s extremely common, and also extremely harmful to our health and our productivity, which is why it’s so essential to manage it when times are tough. Makin it Happen offers 7 ways to deal with stress during a crisis:
If you’re responsible for a team, check in on them throughout the day to make sure they are doing okay. Schedule breaks and bring in food when you can. Make sure everyone is hydrated. These simple things will make sure your team comes out on the other side stronger than ever.
Phew, take a breath. Everything has calmed down, and everything is back to normal. The crisis is over. However, there’s still a list of things to consider before you wrap up this chapter. In particular, it’s time to reflect and see what went wrong, what you did well and learn from this experience. You’ll also need to circle back to customers to close the loop, communicate any final updates and offer compensation if you need to.
After the crisis has been wrapped up and everything has returned to normal, it’s important to look back at what happened and identify learning opportunities so we can do better going forward. This isn’t about pointing fingers or assigning blame, but rather about discovering the issues in our everyday workflows and improving them.The Etsy engineering team has coined this process, Blameless Postmortem. This meeting involves asking the right questions to prevent people from simply accepting blame and pointing to the simplest root cause: I messed up. But rarely is human error the only cause of issues. The point of the post-mortem is to uncover where better checks can be put in place, where confusion arises and how future errors can be prevented.
Debriefing a crisis starts by looking at what happened before things went wrong, and asking deep questions about the failures that led to the issue. Etsy offer a great example in their blog post on postmortems where a poor choice in dashboard set-up led the deploying engineers to read an eight as a zero. Without walking through the exact workflow they used before the crash, the team wouldn’t have identified the issue.
Besides identifying the root cause of the issue, crisis post-modems should also review the response to the crisis. This helps improve future crisis management. The following questions will need to be answered:
Consider every crisis an opportunity to improve your crisis management strategies and processes. You’ll learn something new with each unique incident. And while you hopefully don’t need to face a ton of stressful, urgent problems every day — more practice will make you more skilled at handling them as a team. Just like a well-oiled machine.
Even as you’ve been giving updates to customers throughout the crisis, it’s important to wrap everything up after you’ve done the postmortem. This is where you can share some of the things you’ve learned and what you’re going to do better in the future. Final updates are important to rebuild the trust your customers may have lost in you. This is especially true if the same crisis has happened more than once — what make this time any different? How are you going to ensure this doesn’t happen again?
Some of the things to cover in your final update include:
When you’re deciding how much detail to put into your wrap-up communications, it’s important to consider your audience. While they might want a full explanation of why the issues happened, they likely don’t need all the nitty gritty details of exactly what your devops team did to bring everything back online. However, they might need to know things like security policies you’ve put into place, any changes to the API that they might notice and enough detail to be sure your technical team is in control of the situation.
As SorryApp puts it, in their guide to crisis communication:
“People probably aren’t too fussed as to whether your database server in Asia is playing up, or that the switch in your west European cluster has gone down; they simply want to know you’re on the case and what you’re doing
to fix it.”
After every crisis, the question arises as to whether it’s necessary, or even helpful, to offer compensation to anyone affected. There are a few considerations that go into making this decision:
If you have enterprise customers that have service level agreements built into their requirements, you are legally required to maintain a certain level of uptime. If you don’t, there are likely credits that you’re required to provide. Calculate and communicate these proactively, rather than dragging your feet on them. It will be seen as a sign of good will (and you’ll have to do it anyways). There are tools that will monitor SLAs for specific enterprise customers automatically for you (Pingdom, for example) and it’s worth setting these up as soon as you start signing contracts with uptime requirements.
It’s inevitable that some customers will ask for refunds or discounts — it’s just in their nature. However, if the situation does indicate the need for reimbursement you shouldn’t wait to be asked. Be proactive in your generosity.
Compensation will be better received after the issue is resolved. Offering a discount on future service when the existing issue is still ongoing doesn’t solve the problem and it doesn’t give customers what they want — a solution. If anything they will be more upset that things are still broken and you’re trying to get them to buy again already.
Rather than calculating the “fair” amount of compensation down to the prorated minute, be generous in your credits or discounts. As SorryApp says: “It’s about going above and beyond, doing everything and anything possible to set things right.” You’ve lost the trust of your customers during the crisis — this is the time to make it up to them and show how much their business matters to you.
Get creative when it comes to deciding how you can win back customers. When Equifax went through their security crisis in July 2017, they offered all affected customers a free subscription to a credit protection program. This helped prevent customers from seeing any side-effects of a bad breach, and also showed that Equifax was looking out for them. While Equifax obviously didn’t handle that crisis exactly right (hiding security breaches from your customers is never ideal), their use of creative compensation is a great strategy to remember.
When calculating the cost benefit of compensation, consider this: it’s between five and 25 times more expensive to acquire a new customer than retain an existing one. If you’re stingy and your existing customers walk out the door, that’s an expensive problem to solve. Even if you offer very generous compensation, discounts and recovery incentives to your affected customers, it’s still likely more affordable than trying to replace all of them. When you’re considering if you can afford to compensate customers — it’s more likely that you can’t afford not to.
There’s a phenomenon that can happen when a company manages a very bad crisis very well — they come away with happier customers and more fans than before the crisis. This is called the service recovery paradox.
It’s a paradox because we automatically assume that if something bad happens, especially if it’s our fault, that customers will be upset and leave. But that’s not always the case. When companies do a great job of responding to an issue it actually builds trust that they will do the right thing, no matter what. As we mentioned above, Buffer’s excellent response to their crisis gained them really positive publicity.
Customer Thermometer explains it well:
“Companies with the best customer service understand the paradox: customers are often more loyal after a service failure (so long as the recovery has been swift and good) than customers who have not a service failure
In other words, the silver lining of your crisis is that you can show what your company is really made of.
If handled well, customers will become even more loyal than before the downtime. Hmm… should we try unplugging the server, just to see if we can gain more fans? (Just kidding, we’d never advocate for creating a crisis on purpose, no matter how thoroughly you’ve planned for it!)
If you’re lucky enough not to have a lot of crises to practice with, you can always give your crisis communication plan a run through to make sure everyone knows what to do when something does happen.
The crisis might need to be vague and general — but understanding who needs to be contacted, where that information is found and how customers are notified is key to a fast reaction.
When it comes to providing a good experience for your customers in the worst of times, real life examples are key to learn from. Understanding how real companies respond in the face of a crisis can help illuminate the good and bad approaches to crisis management.
Faced with a crisis more severe than any of us in the tech industry likely have to deal with, Southwest Airlines handled the issue with heart and grace by focusing first on the people involved. On April 17th, 2018 a failed engine sent debris into the fuselage killing a passenger onboard and necessitating an emergency landing. This crisis, although many times more serious than a tech crisis, had all of the common features of one that we might face at work. As Conor Shrine wrote for The Dallas Morning News:
“For every potential crisis, Southwest Airlines has a plan, carefully crafted by a specialized group of employees and regularly drilled by team members to hone the instincts that will kick in at a moment’s notice, even as they hope that moment never
Because of how Southwest handled it, there are many lessons we can take from them.
Even as they were rerouting the plane to an emergency landing, their team was giving updates to families and the public through social media. As facts came in, they continued to notify the public with short statements, linking to a longer, more thorough update on their website. Their tone was factual, but balanced with a human, empathetic voice. They avoided boilerplate phrases like “thoughts and prayers” but still conveyed how heartfelt their grief was.
“We are deeply saddened to confirm that there is one fatality resulting from this accident. The entire Southwest Airlines Family is devastated and extends its deepest, heartfelt sympathy to the Customers, Employees, Family Members, and loved ones affected by this tragic
Southwest immediately jumped into full crisis mode to confirm the safety of the other planes in their fleet. Frequent updates were provided as they performed safety checks. The CEO recorded a video that went through more technical details of the failure, but also expressed compassion for those affected.
Following the event, Southwest Airlines has stayed in contact with everyone affected to check-in on how they are doing. Passengers were provided with $5000 to help cover immediate expenses. A special flight was chartered, with veteran crew members and frequent compassionate updates, to see the shell struck passengers to their destination.
Many experts have noted that Southwest’s culture is what enabled them to respond quickly and effectively to a terrible crisis. It’s not something that can be built when the crisis is occurring — it needs to be developed in the months and years leading up to it.
On November 30th, 2018, Marriott released information regarding one of the largest data breaches in history. Over the last four years, 500 million customers had their data exposed through the Marriott reservation system, including passport numbers, personal identifying information and travel details.
While it’s a difficult situation to deal with, Marriott massively missed the mark for a couple big reasons.
Marriott knew about the attack as early as September, and still waited until the end of November to notify customers about the security issue. This erodes trust that Marriott would do the right thing, if they didn’t believe they had to.
Marriott initially only offered a half hearted apology to customers who may have had personal data exposed. However, after the US government began to look into the breach and suggested further recompense was necessary, Marriott has offered to pay for new passports, but only if customers can prove fraud has occured this is a bad move on several fronts. First of all, the burden is placed on the customer to prove they’ve been inconvenienced. Secondly, it’s the exact opposite of proactive. Instead of getting ahead of the fraud, Marriott wants to wait until customers have actually been targeted for identity theft before helping resolve the issue.
From the very beginning where they didn’t quickly notify customers, all the way through to their SEC filing of the breach stating this wouldn’t affect their financial health in the long term, Marriott has treated the incident as something minor. Not only that, but they’ve treated their customers’ data as something inconsequential. As a customer, it would be hard to trust them with my data in the future.
Most people working in tech will remember GitLab’s epic meltdown of January 2017. Even if you didn’t know what GitLab did before their crisis, you probably did after: they handled a really bad situation so radically transparently they gained a lot of fans in the days after.
On Jan 31st, GitLab, a continuous deployment and versioning tool for developers, was down for 18 hours. Many software companies rely on GitLab for updating their products, and it’s a business critical tool. As described in their very thorough post-mortem blog post: “The outage was caused by an accidental removal of data from our primary database server.” Yep, they accidentally deleted a bunch of their customers’ source code. Yikes.
But right from the very beginning, GitLab involved their customer base in the resolution. As they uncovered what happened, they started documenting their findings in an open Google document that they made public. As they started to fix it, they streamed their devops team’s problem solving process on YouTube. Customers (who were also developers) were encouraged to get involved and help offer solutions to get the issue resolved. In a feature on GitLab’s crisis response, Entrepreneur lists all of the ways GitLab communicated effectively with the public and their customers:
It would have been tempting for any company to stop talking to their customers, try and hide the extent of the issue and just hope everything turned out alright. But GitLab’s culture is one that encouraged transparency, accountability and collaboration. That resonated with their potential customer base and they saw a growth in users because of their steadfast commitment to transparency.
Having a contingency plan in place for when things go wrong is just good business sense. You don’t “wing it” when things are going well, so why would you choose to improvise when the stakes are even higher. A thorough crisis management plan can help turn an angry mob of customers into a loyal crowd of fans who are patient, trusting and willing to stand by you while you fix whatever is wrong.
If you’ve read all the way down to this conclusion, I want to give you a brief TL;DR you can take away with you. These are the most important points to make sure you have covered for your crisis plan.
Identifying a Crisis:
Responding to a Crisis:
Wrapping up a Crisis: