Babel talks security and crisis comms at the Churchill War Rooms
Former British Prime Minister Winston Churchill once said:
"Success is not final; failure is not fatal: it is the courage to continue that counts. If you're going through hell, keep going. Never, never, never give up."
Of course, Churchillwas referring to the arduous times of World War Two, one of the 'deadliestconflicts' in our history to date. But almost 75 years on from the end of thewar, Churchill's words still ring true. But today, the battleground has changed- we're now fighting a fierce cyber war, with hackers, nation states and cyberterrorists putting businesses and their customers through so-called 'hell.'
So, it seems fitting that yesterday morning, the Churchill War Rooms - an underground bunker that became the heart of Britain's military operations during World War Two - became the backdrop for a breakfast event Babel held discussing this new cyber battleground and how businesses can effectively navigate it.
Overlookinga crowd packed with comms and marketing professionals within security and ITorganisations, Babel Director Jenny Mowat kicked off proceedings, explainingour motivations behind holding the event. The stark reality is, securitybreaches are a matter of when, and not if, for companies of all size and sectorglobally. In 2018 alone, we witnessed just shy of 1000 data breachestaking up column inch after column inch in media outlets, and consumers wereleft scratching their heads as to why their favourite brands didn't really seemto care about their personal data being stolen by hackers.
This prompted GDPR - legislation that would forceorganisations to think again about how they were securing sensitiveinformation, or else face the legal and financial consequences. Almost a yearon from it becoming law, we're still seeing businesses struggling to becomecompliant, and Brexit may complicate matters for organisations that move databetween the European Economic Area and the UK.
Hackers don't always have the same goals and motivations,but if organisations have valuable data to lose, they can and willtarget them for their own gain. So, if you know your business could be a targetfor cyber-attack, what can you do to limit the damage to your organisation,employees, customers and bottom line? How can you salvage your reputation? Asan outsider looking in as companies are breached, how can you add valuableinsight to the debate when speaking to media?
With those questions in mind, we turned to our esteemedpanellists to provide some food for thought for our audience. The panel, madeup of Sophie Curtis, Technology and Science Editor at The Daily Mirror, DannyPalmer, Senior Reporter at ZDNet, Jack Stubbs, European CybersecurityCorrespondent at Reuters and Dan Raywood, Contributing Editor at Infosecurity,had some interesting insights to share about how to approach their respectivepublications, either with comment on another company's security faux-pas orinformation on your own organisation's breach.
The common themes from all panellists were:
- Don't fob journalists off - be open, proactive and willing to share information (provided it's factual and you're able to share it) if you've been breached or hacked.
- On the flip side, if you're commenting on another company's incident, be opinionated, colourful with your language and available should the journalist want to speak to you further.
- For the likes of ZDNet and Reuters, unless you're the company who has been breached, or you have specific and unique insights into an incident, then don't bother hitting send on that generic comment you're blasting out to everyone. It won't get you coverage.
- Jack Stubbs of Reuters likened unsolicited comments from unknown companies to 'someone you don't know offering you a sandwich on the street.' Would you accept that sandwich?
- For pitching contributed articles to Infosecurity and similar titles, exclusivity is the word of the day. Don't pitch the same topic to five publications, and don't offer a theme that has been exhausted on the website already. Pick a new angle- this will grab the attention of the editors.
- Pack your content with opinion rather than context - the more opinion, the better.
- Know the readership and remit of the publication you're targeting and ensure you have something to add to the narrative before you pick up the phone to media.
After the panel discussion, we then divided attendees upinto three groups, and provided each with a specific task: you've either beenbreached, or you're a company that wants to comment on a company that hassuffered a breach. If you've been breached, how do you tackle the media? Whichstakeholders do you need to speak to and when? What steps do you need to put inplace to remedy the situation and stop it from snowballing? If you'recommenting on someone else's potential demise, what sort of comment would youput together? Would you even comment at all? Who would you target? All of thesequestions and more were explored in a peer level workshop discussion andconcluded with a Q&A of our panellists on a variety of topics, ranging fromHuawei to dream spokespeople.
All in all, the event was a fantastic platform to bringjournalists and companies together to dispel some myths and inform one anotheron concerns, challenges and how to cut through the noise of a very saturated,fast-paced sector. We thank everyone that was able to join us yesterday at theChurchill War Rooms, panellists and attendees alike! If you weren't able toattend, and you'd like to speak to Babel about our crisis comms packages, ourwork with clients in the security sector, and how we achieve cut-through with abreadth and depth of media, then please do get in touch and we'd be happy tohelp!