Crisis Comms

HACKED! It's 5.25pm on Friday when the email hits. Subject line: Urgent data breach notification: client data affected.

This is code red. I'm working with a childcare startup that's trying to improve working families' lives. But our supplier's database just got hacked, and the sensitive, personally identifiable information of thousands of children and parents has been stolen. 

Within minutes I'm on a conference call with the CEO, head of engineering, and lawyers. I'm leading the crisis communications response. My first questions are:

1. Is the cyberattack ongoing? --> No. But we have 72hrs to notify everyone affected.

2. Do we know exactly what's been stolen? --> No. It's a big scary list of maybes.

3. Are we in control of the narrative? --> Right now we're the only people who know. But other companies were almost certainly affected, meaning this will be headline news by Monday.

Over the weekend, I work with the legal and engineering teams to establish which customers were affected, and to what extent, based on the scant information available.

Normally I'd activate the crisis response plan, but there isn't one, and I've only been in post for 2 weeks. This is an exercise in staying calm, leading colleagues through a nightmare, and making big decisions with limited information and time.

Monday morning comes and we're ready. I've put in place:

• Three different emails, approved and signed by the CEO, tailored to three distinct audiences (staff, investors, and affected customers)

• A briefing sheet for our customer service team including answers to likely client questions, a route to escalate complaints, and where to direct media enquiries (i.e. to me).  

• A dedicated crisis response line available 24/7, via a specialist agency. (I ghost called them a couple of times before the news went live, to check their team was on point.). 

• Access to free credit monitoring to help affected families reduce fraud risk 

By the end of the week we had:

• Zero negative media coverage

• Reassured all investors & received full support from the board

• Lost less than 1% of our affected clients

• Received emails of support and gratitude from the 99% of retained clients for how we handled the news and supported them in our actions after 

The CEO and COO praised my leadership skills and calm, and successful crisis management. I went on to deliver further improvements for the organisation, helping to secure £10m in Series A investment within 12 months.