In recent conversations, several people who teach crisis management have bemoaned to me the lack of case studies that really capture how social and digital media drive the modern crisis.
Older case studies don’t help teach techniques that students must understand for today’s threats.
Any crisis plan that is older than two years old is going to be next to useless when the worst does happen.
Any crisis case study from more than five years ago is unlikely to yield much in the way of teaching for how it might happen tomorrow.
But it is instructive to look at those old, if you like, ‘classic’ crises, to understand how much better prepared an organization must be in 2017.
Let’s begin with the mother and father of all the pre-digital classic case studies, Tylenol.
What happened?
The Tylenol crisis was a series of deaths from poisoning resulting from the tampering of Tylenol capsules in the Chicago area that began in September 1982. The response by Tylenol’s owner, Johnson & Johnson (J&J), considerably raised the bar for standards of transparency and accountability.
Not only was J&J rightly praised for its recall decision and communications, the episode reflected a fundamental shift in public perception about the responsibility of a corporation to its customers.
Twenty years later, looking back on how the handling of the incident had become the foundation of J&J’s stellar reputation, Judith Rehak of the New York Times (‘Tylenol Made a Hero of Johnson & Johnson’, March 23, 2002) wrote:
“What placed apart Johnson & Johnson’s handling of the crisis from others? It placed consumers first by recalling 31 million bottles of Tylenol capsules from store shelves and offering replacement product in the safer tablet form free of charge.”
How might it look different today?
The equivalent nowadays of external bad actors holding a company’s products and reputation to ransom would look more like the cyber-attack suffered recently by HBO (and previously by Sony in November 2014).
In July, HBO revealed it had been the victim of an attack which had accessed large amounts of its data, including forthcoming episodes of popular show such as ‘Game of Thrones’ and potentially sensitive email exchanges.
When it happened to Sony, the media coverage quickly pivoted from an outrage at the crime of hacking and instead looked at the explosive content of the emails. Sony’s then CEO eventually lost her job.
What’s the lesson?
Johnson & Johnson took a brave decision which strengthened the company’s reputation long term, protected consumers and saved the Tylenol brand. But they had time to consider options, confer and discuss with experts. The landscape was very difficult but more controllable – physical product sitting on actual store shelves.
In examples like HBO and Sony, there is so little to control.
The data is already out there to be revealed whenever the perpetrator feels like it and the motives are entirely unclear.
It’s not obvious that the company will get support from the media and consumers as the victim of a crime – there is blame for not protecting the data and who knows what the stolen emails will reveal.
Any organization now must have a crisis response plan ready for this kind of threat, and it must be accessible and actionable from anywhere and at any time.
And cyber security needs to be reviewed and strengthened on a frequent basis.
