This is the third and final article in a three-part series that explores the notion of trust in today’s digital economy, and how organisations can practically build trust. In part 1 we took a deeper look at the meaning and underlying principles of trust. Part two explored best practice approaches to using regulatory compliance to build trust.
In this piece, we look at the role of reputation management in building trust on privacy and security issues.
The way an organisation manages its reputation is unsurprisingly tightly bound up with trust.
While there are many aspects to reputation management, an effective public response is one of, if not the most, critical requirements.
In the era of fast-paced digital media, a poorly managed communications response to a cyber or privacy incident can rapidly damage trust. With a vocal and influential community of highly informed security and privacy experts active on social media, corporate responses that don’t meet the mark get pulled apart very quickly.
Accordingly, a bad response produces significantly bad outcomes, including serious financial impacts, executive scalps, and broader repercussions like government and regulatory inquiries and class actions.
A google search will quickly uncover examples of organisations that mishandled their public response. Just in recent weeks we learned Uber will pay US $148m in fines over a 2016 breach, largely because of failures in how it went about disclosing the breach.
Typically, examples of poor public responses to breaches include one or more of the following characteristics:
- The organisation was slow to reveal the incident to customers (ie. not prioritising truth, safety and reliability)
- The organisation was legalistic or defensive (ie. not prioritising the protection of customers)
- The organisation pointed the finger at others (ie. not prioritising reliability or accountability)
- The organisation provided incorrect or inadequate technical details (ie. not prioritising a show of competence)
As we can see courtesy of the analyses in the brackets, the reason public responses often unravel as they do is that they feature statements that violate the key principles of trust that we outlined in part one of this series.
Achieving a high-quality, trust-building response that reflects and positively communicates principles of trust is not necessarily easy, especially in the intensity of managing an incident.
An organisation’s best chance of getting things right is to build communications plans in advance that embed the right messages and behaviours.
Plans and messages will always need to be adapted to suit specific incidents, of course, but this proactive approach allows organisation to develop a foundation of clear, trust-building messages in a calmer context.
It’s equally critical to run exercises and simulations around these plans, to ensure the key staff are aware of their roles and are aligned to the objectives of a good public crisis response and that hiccups are addressed before a real crisis occurs.
If you enjoyed this and would like to be notified of future elevenM blog posts, please subscribe below.