BA, Amex and a lesson in crisis comms

Listening to LBC last Saturday, I heard host Maajid Nawaz discussing the week’s biggest tech story: BA’s data breach. But unlike other outlets, which focused on the scale of the crisis and BA’s reaction, Nawaz honed in on the response by his credit card provider, BA’s partner, Amex.

He noted how Amex had proactively contacted him to let him know its team was monitoring his card for fraud and would notify him right away if there were any issues, that he didn’t need to do anything and would never be charged for fraudulent transactions, therefore putting his mind at rest. So impressive was the company’s response, that Nawaz publicised it to his listeners across the capital, promoting the brand and its customer service capabilities.

In contrast, BA’s response to the breach has been held up as an example of how not to respond to a crisis.  An article in The Conversation, which has been widely syndicated, noted that while “there have been some poor responses to cyber-attacks on major companies in the past, the airline’s actions in this case could be one of the weakest in recent history.” One incident, two brands, and two very different outcomes.

As this example demonstrates, how a business tackles a crisis can, and does, get widespread media attention; if it responds well, it has the opportunity to garner favour with the public, and turn the situation around. If it responds badly, its handling of the situation can become a crisis in itself. In today’s digital age, where stories can be broadcast to thousands in the blink of an eye, crisis comms has never been more important.

It’s for this reason that having a crisis comms plan in place is crucial. This way, if the worst happens, your company is better placed to rapidly respond and mitigate potential fallout. As part of the plan, businesses should identify prospective issues, and ensure they know how to mobilise key people to manage the situation. Companies should also ensure they practice crisis situations to help test responses – this should include ‘war games’ style exercises, where those involved in managing a crisis respond to a breaking situation. Such exercises can be run by a third party, who can evaluate the response and share feedback in a safe environment, equipping teams with the skills they need to manage a real-life situation. As part of this, organisations should also conduct ‘stakeholder mapping’- working out who would be impacted by the crisis, and how best to engage with each audience. In the instance of BA, this was clearly something Amex got right, showing great understanding of its customers and their needs.

While every crisis situation is different, the importance of preparing should not be underestimated. Although businesses don’t have a crystal ball, identifying which crises could hit and mapping out a response, is critical. Data breaches have become increasingly commonplace and sadly are almost accepted as an inevitability, making it surprising that BA wasn’t better prepared to handle the fallout. There is a lot that companies can learn from the airline’s and Amex’s respective responses to the breach, and the incident should serve as a key reminder of the power of proper crisis handling.

To find out how Babel can help your business with crisis comms, please get in touch.