The CIPR has launched new crisis communications guidance focused on terrorism and cyber-attacks.
Developed with the Centre for the Protection of National Infrastructure (CPNI), the guidance provides detailed steps on what to do before, during and after a crisis occurs.
This includes how to create a crisis communications plan, from analysing the potential risks to what it should contain.
Why is THE GUIDANCE important?
Terror threats are a potential risk for many organisations today. Owners or managers of places where large numbers of the public gather could be a target. The same is true of key infrastructure providers, such as energy, communications or transport.
Likewise, cyber-related attacks are increasingly likely. Many organisations hold personal data of some description and are responsible for keeping it secure. Hotel operators, airline companies, broadband providers and social media channels have all been compromised recently.
Getting the communications right if a crisis happens is vital. Organisations are responsible for the welfare of stakeholders and will be expected to provide leadership and support. If they don’t do this or handle the situation poorly (from being insensitive to not managing the issues) huge reputational damage will be caused. Any sympathy for the organisation will depend on what has happened and whether it could have been prevented.
HOW IS THIS DIFFERENT from “normal” crisis communications?
While there are many similarities between traditional crisis comms and the new guidance, there are four areas that stand out to me:
- Focus on employee wellbeing: crises take an emotional, physical and mental toll. Most in PR describe the role as “always on”, but if a terror attack occurs this becomes true as international interest will make this a 24/7 event. Organising shift patterns, bringing in extra resource (from within and outside the business), and managing staff welfare during and after the crisis are covered
- Security focused communications: communications and security teams must work closely together to develop proactive communications that describe security assets and people (broadly, not too detailed). This may be enough to deter a hostile from targeting the organisation. Staff should be empowered to contribute to communications and the public should be aware of security measures (without creating fear)
- The importance of relationships: building relationships before the crisis occurs makes it much easier to work together if something happens. It also allows time for testing and refinement of crisis plans. Stakeholders include Local Authorities, emergency services and Local Resilience Forums
- Have a Plan B: existing systems or processes may fail or be compromised, e.g. the IT system goes down or people have to evacuate. Low tech solutions, back-ups and off-site access to key information and resources should be part of any plan
What does a crisis look like from a communications perspective?
A flowchart within the guidance provides a quick checklist for communications teams (below).
The guidance also includes:
- The differences between terror and cyber-attacks (in terms of public perception and organisational response)
- The process for working with the police
- Examples of communications during a crisis
- The importance of leadership
- Dealing with the “long-tail” of the crisis, including the investigation process and anniversaries
The full guidance is available here. Check out #TerrorCommsGuide on LinkedIn and Twitter for other launch content.
how was the guidance created?
The content was based on a series of interviews with senior communications and security professionals working within local authorities, emergency services, and places such as venues, transport hubs and energy infrastructure. Most had experienced a terrorist or cyber related attack and spoke about the actions they took during the crisis, outlining what worked, what didn’t and how it has influenced their preparations for the future.
I was one of the authors, alongside Sarah Pinch (Pinch Point Communications), Claire Spencer (i to i Research) and Phil Morgan (CIPR). If you have any questions, please get in touch or leave a comment below.