How would your leaders respond if your organisation was in the media firing line?
CEOs and leaders can often hide behind statements and press releases.
Some are prepared to face the media and deliver calm and collected performances.
But what about emotion?
If something bad happened, would your leaders show their human side and reveal how it affected them?
One crisis media management response caught our eye after a leader did just that.
It came from Australia, where a company called Optus faces a colossal data breach crisis.
The company is the second-largest telecommunications company in the country.
And the breach could impact 10m people.
The exact details of what has been taken are not known at this point. But it is believed to contain names, addresses, email addresses and dates of birth.
Passport and driving licence numbers may have also been compromised for a smaller number of customers.
Unsurprisingly, there has been huge media interest in the incident.
I’ve looked at how organisations have responded to data breaches in many crisis communication blogs.
Often, this seems to take the form of statements containing advice for customers on what they should do to protect themselves, together with an apologetic quote from the CEO.
So, it was refreshing to see Optus boss Kelly Bayer Rosmarin face the media through a virtual press conference.
The session lasted just over 20 minutes, and she answered numerous questions, looking like she was holding back tears at times.
But it was the response to her last question - asking how she felt about the breach happening on ‘her watch’ – where the emotion showed.
“It is a mix of emotions,” she said.
“Obviously, I am angry there are people out there who want to do this to our customers. I’m disappointed that we could not have prevented it.
“I’m disappointed that it undermines all the great work we have been doing to be a pioneer in this industry – a real challenger creating new and wonderful experiences for our customers.
“And I am very sorry and apologetic – it should not have happened.”
In another media appearance, she again seemed close to tears, saying: “We have strong cyber security controls in place. We thwart… thousands of attacks every year, every day.
“But it’s a good warning to all organisations that even if you have strong cyber capabilities, dedicated focus and investment in this area, there are sophisticated actors out there.
“We are working very closely with all the authorities and the Australian Federal Police. This is a criminal investigation.”
The emotional response seemed to go down well with the media:
Optus boss delivers emotional response Sky News
Optus CEO Kelly Bayer Rosmarin’s emotional apology after millions of customers had details hacked Daily Mail
So, should leaders show emotion when leading a crisis response?
Well, yes. It shows they care. When you watch the Optus press conferences, you get the impression its CEO genuinely cares about the situation and its impact on customers.
Emotion can add credibility to what is being said.
But it is also crucial the emotion is controlled.
If a CEO continually sobbed during a crisis conference or TV interview, customers may wonder if that person has the composure necessary to lead the organisation through the crisis.
I thought Ms Rosmarin got that balance right. A data breach is not a type of crisis media management incident where lives have been lost, or people are injured.
But it is still a crisis that causes anxiety to those impacted. So, showing you understand that harm is vital.
Her performance reminded me a little of the video Marriott CEO Arne Sorenson produced at the start of the pandemic. He showed he cared – appearing to fight back tears when discussing job losses. But at the same time, you sensed he was in control as he outlined what was happening to protect the business.
“I’ve never had a more difficult moment than this one,” he said.
“There is simply nothing worse than telling highly-valued associates, people who are at the heart of this company, that their roles are being impacted by events outside of their control.
“I’ve never been more determined though to see us through than I am at this point.”
A message to Marriott International associates from President and CEO Arne Sorenson. pic.twitter.com/OwsF14TZgb
— Marriott International (@MarriottIntl) March 19, 2020
There were a couple of other parts of Ms Rosmarin’s press conference that are worth highlighting.
At one point, she was asked what vendors’ security tech Optus had been using.
It was a tricky question that could have led to the company being seen to try to pass some of the blame to others – not a good crisis media management look.
But the CEO spotted the danger.
She said: “I want to make it clear we are taking full accountability for what has happened.
“I’m not going to go around rattling off a number of our vendors.
“It is our responsibility, and we will be working with all those vendors to set things right.”
And there was also an interesting answer to a question about the action customers should take.
“Unfortunately, because this is not the most vulnerable information, like financial details and passwords, we don’t have a simple message – ‘just change your passwords’.
“Really, what customers can do is just be vigilant. If they receive a notification that one of their passwords has been changed on an online service or bank, and they have not initiated that, they should assume they need to report that and get on top of it straight away.
“It really is increased vigilance and being alert to any activity that seems suspicious, odd or out of the ordinary.”
That seems like a pretty clear message until more details are known. But it would be better without the introduction of it not being simple.
However, this praise does not mean that Optus’ crisis response has been perfect.
It is baffling why it decided to only alert customers to the breach through mainstream media.
When people subsequently complained about the communication on social media, it said: “we issued a press release as this is the quickest way to inform all our existing and former customers.”
Hi Marie, we issued a press release and proactively reached out to media as this is the quickest way to inform all our existing and former customers so they can be on high alert for anything suspicious. Kartik
— Optus (@Optus) September 22, 2022
In her press conference, Ms Rosmarin said the tactic was part of its ‘what’s best for customers’ approach to the crisis.
She said: “We know that in these situations, time can be of the essence, So, we contacted the media in less than 24 hours from when we learned this incident had occurred.”
And she added: “Openness and transparency is what we believe is best. While it doesn’t make for great headlines for Optus, it is in the best interests of our customers. So, we appreciate you having covered this story and giving us the airtime so customers can ramp up their vigilance.”
Sure. But why not ensure the same information is available on social media channels, your website and email when you update the media?
Optus is a telecommunications company - couldn’t it send a text?
If there is one crisis rule that we stress more than any others during our crisis communication training, it is that you can’t over-communicate during a crisis.
Media First are media and communications training specialists with more than 35 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Click here to find out more about our crisis communication training.