This post was originally published on this site
https://content.fortune.com/wp-content/uploads/2022/12/GettyImages-1240105409-e1671019065592.jpgAll businesses face significantly higher levels of risk today–just listen to board discussions or evaluate skyrocketing corporate insurance rates.
In our ubiquitous media universe, now a 24/7 environment, boundaries between traditional media outlets and digital platforms have blurred, making them somewhat indistinguishable from one another.
Customers, competitors, employees, advocacy groups, unions, investors, regulators, vendors, and the media see any post instantaneously–whether the post has been approved by the business or not.
Against this backdrop, boards and leaders should be reasonably educated on three potential crisis areas in 2023: cyberattacks, unauthorized leaks, and political missteps
In the face of such Black Swan events, last year’s thinking is ineffective at best. Those ill-prepared will suffer more than their 15 minutes of shame.
So, throw away your crisis plans. Most won’t work in 2023.
My password was compromised. Now I must rename my mother
Cyberattacks are one of the most complex issues facing companies: attacks pillage budgets, create business disruption, and put reputations at risk.
“If it were measured as a country, then cybercrime–which is predicted to inflict damages totaling $6 trillion globally in 2021–would be the world’s third-largest economy after the U.S. and China,” reported Cybercrime Magazine. That number is expected to rise to $265 billion by 2031. Estimates suggest global losses could hit $10 trillion by 2025. So financial costs of an attack to an individual company in 2022 could be in the tens of millions.
There are three basic categories of cyber or digital attacks–all have reputational consequences.
Cyberattacks can come from outside the organization: Crime syndicates, overseas competitors, and state actors may try to steal or destroy data, money, and intellectual property. The goals of bad actors can vary: disruption, extortion, ransom, retaliation, denial of service, or simply warning of their attack capabilities.
Attacks by trolls and activists may also target the reputation of a company via individual attacks against top leaders or boards. There are also conflicts with labor or other advocacy groups, product or service liability retaliation, brand or reputational injury, and operational mistakes, which are compounded by inept fact-gathering and communications.
Finally, disgruntled current or former employees can carry out cyberattacks from within the company. These attacks are motivated by retaliation over disagreements, commercial espionage, and financial gain.
Time is not on your side
In the Righteous Brothers’ 1965 hit, Unchained Melody, the duo sang: “…time goes by so slowly, and time can do so much.” Charming and romantic.
Today, the instantaneous digital world demonstrates time is not on our side. Consequently, we must think quite differently about time than we did just a few years ago.
In our 2011 game-changing book, Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks, we established a standard digital response process, as well as a response time for digital harm of eight hours.
Today, that concept is even more important, as the speed and magnitude of attacks and leaks dramatically accelerated. We are now facing a “two-hour digital day.”
In today’s instant, mobile environment, when the company is attacked or a sensitive document is leaked, you have one or two hours for an initial response. Delays in response and conflicting statements written in legalese or gibberish result in a fiasco.
Unfortunately, in many corporate cultures, business leaders and their advisors are simply not organized to operate at digital warp speed.
How internal communication vanished into cyberspace
Leaked documents are posted online and distributed at warp speed. It has transformed how we must think about, prepare, and protect these so-called internal documents. Most communications must now be treated as if they were public.
Recent headlines remind us no institution is immune from leaks: Apple, Amazon, Beyond Meat, Ferrari, Google, Meta (Facebook), Uber, and even SCOTUS, all had to mop up following public cyclones caused by unauthorized leaks of internal documents.
In an absurd turn of events that reveals how leaks come from everywhere, even Conti, a Russian group identified by the FBI as one of the most prolific ransomware groups of 2021, suffered the consequences of leaked documents.
You are on the news. Now what?
While the leak of the SCOTUS draft opinion in Dobbs prompted a broad spectrum of reactions, many people were appalled that the sanctity of court deliberations was violated.
Faced with the unprecedented leak, Chief Justice John Roberts’ response was spot on (from a crisis management viewpoint). He confirmed that the leak was an authentic draft, that justices were still deliberating, that they often used draft opinions to try to persuade each other, that no final opinion had been voted on, and that he would direct an investigation into the source of the leak.
Business leaders would be well served to look at the chief justice’s crisis response–and to follow his lead when facing an analogous situation.
When crafting internal documents there are simple principles to consider. First, define what you want to communicate and understand that the document could go public. What exactly is its purpose? Is it meant to share information, function as a call to action, or change opinions? What is the tone?
Second, the message must be clearly and concisely conveyed in plain English. As British social commentator J.B. Priestley said, “The more elaborate our means of communication, the less we communicate.”
One quick and simple test is to ask an entry-level employee to read the document and then tell you the one or two things they remember about it. If their comments do not encompass your key messages, consider rewriting.
If you can’t take the heat, get out of the media kitchen
Some CEOs have been speaking out on an array of political issues. That’s a problem for boards and companies as noisy internal or external groups continue to push business leaders to comment publicly on controversial matters.
One company that has been hurt by speaking out is Disney–the current case study on how not to deal with stakeholders. Disney did little publicly to address the new Florida law until after it was enacted. The company did not sign the petition numerous companies in the state issued before the policy proposal became law, then later jumped in, seemingly unprepared, by abruptly announcing opposition at its annual shareholder meeting.
In today’s polarized politics, no matter the issue, roughly 45% of people will support you and 45% will be against you, and about 10% will be undecided. The harshness of any pushback depends on the gravity of the issue–and how the undecided lean.
It is not that CEOs should be quiet on issues, but rather that it’s important to understand all circumstances, players, timing, and dynamics–and then pick your fights.
So before embarking in the political arena, leaders and boards should examine answers to basic questions about the quest: Is the issue mission critical to the company? Have leaders been briefed on where all sides stand? Will taking a position help or harm the company’s equity value, sales, reputation, and ability to attract and retain top talent?
Are you prepared for digital assassination in 2023? In the 24/7 media environment, corporate survival requires new thinking and critical adjustment accomplished at lightning speed. This is not a slow evolution. Those who fail to adapt will be reduced to a footnote in corporate history.
Richard Torrenzano is the CEO of The Torrenzano Group, which helps organizations take control of how they are perceived. For nearly a decade, he was a member of the New York Stock Exchange management (policy) and executive (operations) committees. Richard is a sought-after expert and leading commentator on financial markets, brands, crises, media, and reputation management.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.