Summary
Highlights
Jake O'Neill introduces the webinar on crisis communications for terrorist incidents, featuring Sarah Pinched and Dan Joella. Dan begins by outlining the research behind the guidance, which involved interviews with over 30 communication and security experts across various sectors. The guidance is based on real-world incidents from the past 10-15 years in the UK.
Dan identifies common mistakes: not sending staff home for rest (which leads to burnout), over-reliance on technology (losing access to IT systems), and forgetting to cancel scheduled, inappropriate automated communications. Sarah adds that organizations often don't practice enough and need mirror communication teams for backup.
Dan explains that terrorist incidents differ from normal crises in terms of scale, speed, global media interest, and prolonged lifespan, often extending through investigations and anniversaries. Public reaction is also distinct. He contrasts terrorist events, which receive public sympathy, with cyberattacks, where organizations may face blame. Messaging strategies vary: terror events focus on safety and facts, while cyberattacks emphasize solutions and recovery. Organizations should avoid being drawn into political, mental, or religious backgrounds of terrorists.
Dan highlights the importance of effective crisis communication to avoid reputational damage, ensure public safety, and demonstrate organizational control and support for affected individuals. Large organizations or venues have a responsibility for the safety and welfare of many people, necessitating robust communication plans for evacuation, victim support, and family inquiries.
The guidance is structured around a step-by-step process covering 'before,' 'during,' and 'after' an incident. 'Before' focuses on preparation and pre-planning for smooth operations. 'During' addresses milestones that occur during a crisis. 'After' deals with long-term impacts like anniversaries and legacies. Sarah will expand on 'during' and 'after' later.
A unique aspect of the guidance is planning to reduce the possibility of an attack. This involves risk analysis (people, assets, operations) and fostering a security-focused culture through internal communications. Deterrence communications promote security assets like CCTV, plainclothes officers, and 'See Something, Say Something' campaigns to make potential terrorists view the location as too difficult to target. Transparency about security measures should be general, not detailed, to avoid revealing vulnerabilities.
Different stakeholders are crucial, especially contractors, temporary staff, and local resilience forums (LRFs). LRFs are key for building relationships with emergency services and local authorities. A crisis communications plan must include a well-being strategy for staff, as they may be exposed to distressing information and work long hours. Systems and resources also need consideration, such as grab bags with essential offline information (SIM cards, contact lists, hard copies of documents) in case of building evacuation or IT system loss. The plan should be regularly tested and updated.
Strong organizational and communication leaders are essential, both demonstrating quick response under pressure. An integrated communication function within the business ensures senior understanding of the crisis plan. Key tips include strong relationships between operations and communications teams, prioritizing the preventive aspect of security culture, and regular plan review and testing.
Sarah discusses 'during' the crisis, emphasizing that organizations must become a trusted source of communication, even with limited initial detail. Constant, consistent communication is vital. Organizations will likely be under the control of the police and government, especially through bodies like Cobra, which means communication sign-offs will be restricted but also supported by experienced authorities. Social media messaging needs to be appropriate, and routine/planned messages should be shut off.
While authorities dictate overall command, the communications lead must maintain control over internal messaging. They need gravitas to challenge and suggest messages. It's crucial to identify internal sign-off chains, including backups. Employee well-being is paramount; consider who to send to an incident and have external support for the comms team. Organizations must show empathy for those affected and be sensitive about images, even asking people not to post distressing content. Resilience in the team is key to continuous communication.
Staff play a key role, so keep them informed through dedicated internal channels, using personal contact details (with permission) if IT systems fail. Prepare 'grab-and-go' bags for support staff, including login details and passes. Internal and external messages should be aligned, as staff share information with their communities. Building partnerships with other organizations and networks (like local Chambers of Commerce or PR bodies) in advance is crucial for support and shared messaging during an incident.
Sarah summarizes the 'during' phase: review resources and have backup, prioritize team welfare, ensure consistency in internal communications, avoid over-reliance on online networks, have clear roles/responsibilities, and do not underestimate the scale or media interest. Recognize that the 'golden hour' for response is now much shorter.
After an incident, prepare for further incident waves, real or hoax. Guidance from police and government will continue. Organizations should focus on restoration of confidence rather than promotion, especially after cyberattacks. Expect ongoing investigations from various bodies. Don't do PR for hostile actors; police will guide on language. Staff well-being remains important, sometimes surfacing around anniversaries. Internal evaluations and human empathy are vital for the comms team.
For cyber incidents, avoid giving too much detail about how the attack happened to prevent future vulnerabilities. Complete transparency can be difficult. Expect many organizations to be involved in the investigation due to complexity, requiring extensive stakeholder management.
The top five tips are: plan in advance and practice drills, prioritize team welfare, don't rely solely on networks and technology, have clear responsibilities and sign-off procedures, and develop a robust system to respond to the scale of interest.
Regarding language for terrorist incidents, Sarah advises against glamorizing activity, sticking to facts, and using calm, reassuring, empathetic language, guided by the police. For activist incidents, Dan explains the approach depends on the nature of the activism. If it's protest, emphasize listening and addressing concerns while distinguishing between peaceful protest and actions that endanger safety or property.
Sarah states that only the police should confirm if an incident is an act of terror. The organization's role is empathy and supporting staff. For organizations reacting to global terrorist incidents (like US shootings), the immediate focus is on protecting the organization and its people, providing general security assurances without sensitive details, and offering empathy and welfare support to victims and their families.
On high-risk businesses without social media: Sarah suggests that public-facing organizations can establish a presence during a crisis if police can speak on their behalf. For B2B or covert high-risk entities, police/government guidance would dictate communication. Dan adds that establishing a new account risks being seen as a fake. Instead, prepare a 'dark site'—a simplified, pre-built website page with only key information and updates to go live quickly.
For cybersecurity issues, Sarah recommends being honest but not speculative until facts are confirmed. Dan emphasizes acting quickly; delayed announcements (like the British Airways incident) cause more reputational damage. Better to advise customers to take precautions (e.g., change passwords) immediately, then conduct investigations. For agencies supporting small in-house teams: Agencies can play a vital role by building relationships, understanding the client's business, participating in training, and being ready to provide immediate support, possibly by co-locating or offering their premises.