Over and out(age) - communications in a crisis

R eputation is your company’s most valuable asset and the way you react to a crisis can define how you are perceived, for better or worse.

For decades, the fundamental pillars of crisis communications have remained the same; truth, clarity, and accountability. These principles should inform every decision you take when handling a difficult decision. Looking back on some Fourth Day notes on crisis management from 2002, two familiar points stood out. The first is that protecting ‘credibility’ is paramount. The second? That if a crisis doesn’t happen on a bank holiday, the chances are it’ll be a Friday.

On 19th July, a Friday, an update from CrowdStrike brought an unprecedented halt to business worldwide. The defective antivirus software collapsed Windows PC’s infrastructure; thousands of planes were grounded, health services were constrained, broadcasters knocked off-air and countless companies were left paralysed. Microsoft estimates that at least 8.5 million computers were affected. 

So as we reflect on one of the biggest IT outages in history, how did the two tech companies at the heart of the crisis handle their communications, and how well have they protected their credibility?

The CEO of CrowdStrike, George Kurtz, addressed the issue on X (formerly Twitter) but was criticised for his failure to apologise for his company’s role in the growing catastrophe. It was suggested that a leaf should have been taken out of Shawn Henry’s book, CrowdStrike’s Chief Security Officer, whose post on LinkedIn did not shy away from taking responsibility for the role the company played in the outage within the first line; “on Friday we failed you, and for that I’m deeply sorry”. 

"For decades, the fundamental pillars of crisis communications have remained the same: truth, clarity, and accountability."

Forbes dubbed Kurtz’s post as a “PR blunder”. He did however, that afternoon, apologise in a live interview with CNBC. While the initial statement wasn’t well received, his later, more measured response, did limit some of the damage done to CrowdStrike’s reputation. Demonstrating accountability when you are clearly at fault is a crucial step to reconstructing your brand perception. 

The company did further attempt to regain control of the narrative as it offered a $10 apology voucher to the staff and firms who had worked with CrowdStrike. The gesture however was taken negatively by some after the BBC reported a small, online backlash as Uber had blocked the cards of customers attempting to redeem vouchers as the high usage rates were flagged for fraud.

Microsoft’s approach, in contrast, was to protect its own credibility by distancing itself from CrowdStrike, ensuring audiences understood that it was ‘an independent cybersecurity company’. The company stated, in a short blog providing guidance to affected users, that the outage “was not a Microsoft incident”. It also tried to deflect attention by blaming the EU for a regulation which prevented it from blocking potential damage. Satya Nadella, CEO of Microsoft, offered a concise statement that global IT systems had been impacted and that Microsoft, CrowdStrike, and others, are working to solve the issue but overall the company appears to be creating as little noise as possible. It appears that its communication strategy has received little scrutiny as a result, indicating that it can be effective to scale back your communications to insulate your own brand. 

"Demonstrating accountability when you are clearly at fault is a crucial step to reconstructing your brand perception."

Every crisis is unique, and delivering the perfect response isn’t straightforward. CrowdStrike and Microsoft have shown us that the same crisis can elicit completely different approaches to crisis communications. As our co-founder, Xanthe Vaughan Williams, wrote on the subject, “there’s no silver bullet to handling a crisis”. The article considers five key strategies to tackling crises; an important guide around which to prepare.

As the dust settles on the crisis, experts are warning that another global IT outage is likely to happen. If this is the case, we’ll be watching with interest to see how the companies involved manage their public communications and protect their reputations. They should probably be on alert for the next bank holiday, just in case.