By Jim Preen, Crisis Management Director at YUDU Sentinel
‘Get fit’ says the prime minister who would be proud of one of my colleagues at YUDU who used lockdown to get into a serious fitness regime. So serious in fact that he bought himself a pricey Garmin watch to log his runs, PBs and all the other gruelling activities he undertakes.
He was less than impressed with his watch a few days ago when he got a message asking him to check back shortly as Garmin was down for maintenance. It proved to be a way bigger problem than that as it quickly emerged that Garmin was subject to a ransomware attack.
Days later a Garmin spokesperson said the firm was: “the victim of a cyber-attack that encrypted some of our systems. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen”.
This got a witty response from one wag on Twitter: ‘Phew, the hackers don’t have access to my embarrassingly slow 5k PR times, or how much weight I’ve gained during lockdown’.
Poor comms response
But on a more serious note this was a poorly handled crisis, particularly as far as Garmin’s corporate communications were concerned. The firm tried to keep the story under wraps for almost a week but that didn’t stop social media, particularly Twitter, from giving the firm both barrels. And when they did make a statement it was as sterile as an operating theatre: ‘We are working to resolve this issue as quickly as possible and apologise for this inconvenience’. A sentence that is hardly likely to inspire confidence among your already irritated band of customers.
Own the crisis
If a company has a problem which is causing their customers’ pain the firm must own the crisis and be seen to do so. At the very least they should put out a message detailing in simple terms what the problem is and what they are doing to fix it. If they don’t, social media is given free range and what we used to call ‘the information gap’ is filled with hostile and negative comment all directed towards the company and not the real bad guys; the hackers.
Cyber-attacks are a fact of life, we understand they happen and may even have some sympathy for the victim, but by saying virtually nothing Garmin become an anger magnet.
In many ways the Garmin response seems incredibly old fashioned, like something from twenty years ago when firms tried to bury bad news. That option no longer exits. Why? A little bird told me.