Not just at Xmas

Black Friday may be a bonanza for retailers in revenue terms but it also represents a key risk day for them and their customers, in the guise of the heightened threat of a cyber-attack, according to the consultancy ThreatMetrix. It has warned that online criminals will be super-active over the festive period, starting from today and is predicting hacks will double this year compared to the data-breach levels it measured last year.

Of course, data-breach causes crisis for a company whatever the time of the year. The IT and reputational challenges are considerable. But now in the wake of Ashley Madison and Talk-Talk, victim companies are likely to be more in the spotlight than ever as the media look for further examples of data-hacking and to assess how the company concerned is handling their crisis.

There are various PR lessons to be learned from recent high-profile cyber-events which we summarise here:

  1. Dont speculate on the perpetrator:  it’s fine to say the police or NCA are investigating so it would be inappropriate to comment.
  2. Don’t overplay the victim card: customers will have little sympathy that IT systems weren’t robust enough to keep hackers out.
  3. Do be clear, honest and transparent on the data accessed and the implications – identity only, bank details, photos or whatever. Trying to hide the true extent will only come back to bite you. However it may be possible to take some heat out of the problem, if you can relativise it or talk of active customers or whatever.
  4. Do give logical advice and assistance about password changes required.
  5. Do try to communicate with customers directly and not just through the media – post FAQs on your website, have extra phonelines manned 24/7, respond rapidly to tweets and social media posts. A customer back-lash on twitter for example can fast become a traditional media story the next day if not swiftly dealt with.
  6. Do judge when the CEO should front-up to media enquiries to show you are taking the issue seriously.
  7. Do apologise to customers: don’t let the lawyers talk you out of that one, regardless of the class action lawsuits in the wings. You can ask for patience and understanding in the eye of the storm as you fix things but sorry is important to say.
  8. Don’t be afraid to be transparent about some of the IT fixes being put in place. It can hopefully be done without opening the company to further risk. However the tech and financial community will judge you wisely if you are investing in the right upgrade.
  9. Do offer customers compensation of some kind after the event: this can go a long way to take any bad taste away for the fact their data has been stolen, even if the threat was notional and not in fact hugely impactful.
  10. Do be prepared to talk about your experience after the event. For customers and stakeholders to know you have learnt from the experience can be hugely reassuring and it helps draw a line in the sand to be able to move on.

Bell Yard has worked on various breach situations both in the background giving objective advice away from the fray, and in the front-line handling media on a client’s behalf. The crisis typically lasts 3-5 days and then the calm comes…until any fine from the ICO resurrects the issue.


26 November 2015

Litigation PR

Litigation PR
Group Action Law firm Edwin Coe LLP, acting for a 500 strong consumer group bringing a multi-million pound class action lawsuit against timeshare...
Litigation PR
Banking Bell Yard advised the beneficial owners of two companies suing a Swiss bank at the High Court in London for breach of duty over the sal...
View more Ligitation PR Case Sudies


Reputation Management
Data hacks Bell Yard advised on crisis communications for a digital retail business which was the victim of a data-hack and theft of customer data...
Reputation Management
Global 100 Law Firm Bell Yard provided public relations support to an international law firm with offices in London, Europe and the Middle East. Our brief...
View more Reputation Management Case Sudies


US/UK Extradition Since 2004 Bell Yard has driven a campaign against the UK/US extradition legislation, enacted in January 2004, which poses particular d...
Legal Services Commission Bell Yard was mandated to conduct a campaign on behalf of a law firm to highlight the disastrous consequences of the Legal Services Com...
View more Campaign Case Sudies

Contact us

Bell Yard Communications Limited
21 Fleet Street

Sw: +44 (0) 20 7936 2021

M: Melanie Riley, Director: +44 (0) 7775 591244