What communication lessons does the (new) Pemex crisis teach us?
On Monday, November 11, 2019, #Pemex became a trending topic once again. The reason? A cyber attack on the entire company. Images like the one at the top of this post were shared on Twitter. Twitter was buzzing with rumors and speculation: journalists, experts, workers…have been waiting for the company’s response. Apparently, it was a ransomware attack: a virtual kidnapping by hackers, who demand money in exchange for releasing the systems.
The silence is never a good response during a crisis.
What do we know by 7 p.m. about what is happening to one of Mexico’s most important institutions -the time of this comment-? NOTHING. The company has not communicated anything, neither its director nor the Secretary of Energy. Well, she did scold those who share a supposed risk of gasoline shortage. But not a word about the real problem. Apparently, Pemex’s priority is to share a tweet about Evo Morales and his arrival in Mexico, rather than informing its suppliers, clients, and investors about what they are doing to solve the problem.
In a crisis, you cannot wait to know what and how the problem happened.
Many companies use the argument of “if I don’t know what’s going on, how can I say anything?” While it is a responsible approach, it is not valid in a crisis. Why? Because in the absence of information, the void is filled with gossip, speculation, rumors, etc.
By the way, saying that “operations are running normally” when you already have a huge problem that is public knowledge is not a good decision.
What can a company do in the face of an attack and the crisis it generates?
- Making a key public map to ensure that all relevant audiences will be informed.
- Writing and sending an official statement (tweet, press release) that briefly explains what is happening and what they are doing to solve the problem (within 2 hours of the start of the crisis).
- To explain that there are protocols in place to address a situation like this (if there are any).
- Direct questions from different stakeholders to specifically designated spokespersons who can take note of their concerns.
- Post every two hours about any updates, no matter how brief they may be, such as “the cybersecurity team is working with cyber police”.
- Inform that there is information that cannot be shared due to strategic and security reasons, but that progress is being shared transparently.
- Not “scolding” the media or trying to control what is said on social media.
The #communication for #CrisisManagement helps to reduce the pressure on the company in trouble.
UPDATE. After 8:00 pm, the company issues a press release that is a model of HOW NOT TO WRITE A PRESS RELEASE IN A CRISIS:
- Do not show your anger or feel under attack: “in the face of the wave of rumors and fake statements…”.
- Don’t lie: ‘Operates normally…’ Employees have shared that nobody has used their computer today.
- Do not scold society or your key publics: “we invite the oil community… to avoid rumors”.
- Don’t focus on “the picture“; what matters is how you are addressing the problem.
- Don’t take more than 24 hours to respond and don’t minimize the problem: “Yesterday…”
By the way, if this explanation were true… why did it take so long to issue a statement? #OuchPemex
The new media ecosystem puts pressure on companies to give quick responses to scandals and crises. Best practices for crisis communication include having a manual, guide, or communication protocol in place and training the committee and its spokespersons because when a ship starts sinking, it’s too late to learn how to swim.