To regain public trust after a hack, businesses should provide as much transparency as possible.
“Transparency equals trust,” said Laurie Roberts, chief operating officer of Parris Communications and leader of the firm’s crisis communications practice group that advices corporate clients.
Still, there are limits on how much information can be shared.
“It’s important to not share information that could be confidential from a business intelligence perspective,” Roberts said. “You wouldn’t want to release information that would help your competitors. Those things are factored in when we help companies decide how much they can say.”
The decision process can be a balancing act.
“When we gather around a client’s table to discuss this,” Roberts said, “we always have the company’s IT or security person there just to make sure that our statements in and of themselves don’t create more risk for the company. So it’s not that we’re trying to hide information, it’s just that we’re trying to protect the company from further breaches.
“Oftentimes, you can say there’s been a breach, and you don’t have to share information that would expose you to more risk of a similar thing happening.”
Roberts also works closely with her clients’ legal counsel to best determine what to say or not to say after such a crisis. It can be especially sensitive if emails between company executives or other highly private information has been exposed, she said.
“Historically speaking, public relations people and legal counsel have been at odds on how a company should respond to such a crisis,” she said. “Legal counsel would say, ‘Never apologize.’ But I’ve seen a huge shift in the thinking of the legal community in that area.
“But before you know everything that you’re going to find out, you can’t make a statement that’s so definitive that we have to turn around later and take those words back. So it’s important that communications folks and legal folks are around the table when those statements get made.”