A single crisis, regardless of the form, can have lasting repercussions to a firm’s bottom line through lost revenues and redirected resources necessary to deal with the incident. Compounding this reality is watching your positive reputation, established through years of hard work and success, quickly tarnish—diminishing your credibility in the eyes of both current and prospective clients.
Impact of Reputation Damage
How can reputation impact a firm’s business so substantially? In the legal community, the fundamental essence of your reputation is based on your expertise, capability, and trust, and firms face a growing list of potential crises that could irreparably harm their reputation, including cyber-breaches that compromise private information, mismanagement, fiscal misconduct, and the departure of high-profile attorneys from the firm amid today’s lateral frenzy.
Understanding that an incident could strike quickly and without warning, firms should position themselves for immediate action on two fronts: managing the crisis effectively while clearly and swiftly communicating essential information to impacted stakeholders. Implementing these steps will lessen negative reputation impact and transition your firm into a speedier recovery.
Rising Cyber-Risk for Small Firms
The word “crisis” has been defined in many ways, but for the sake of this series, a crisis will be described as any internal or external force or incident that threatens life, property, or reputation. And while a crisis can encompass any number of employment, fiscal, and leadership defection scenarios, smaller firms may be at a higher risk for a cyber-breach owing to integrated technology systems designed to manage operations more effectively.
Consider the many tools a firm may use in this digital age to maximize efficiencies, such as cloud-based programs, e-mail, WiFi, and remote access options that create flexible solutions designed to reduce operational tasks and regain time to focus on client work. They all come with imbedded security systems to protect you, right? Yes, but dependence on these safeguards doesn’t ensure a breach won’t occur. Unprotected devices used on public WiFi networks, weak passwords, and our growing dependence on our mobile devices that are easily lost or stolen pose a risk. In addition, the design of these useful tools prioritizes information sharing rather than information protection.
In the face of phishing schemes, hacking attacks, and just plain human error, the most common concerns for law firms include a potential breach of consumer data, payment information, and, most importantly, personal and confidential information housed in electronic case files. Firms should also consider the potential for theft of intellectual property, data destruction, or the disabling of vital infrastructure systems.
Cost of Crisis
There are both tangible and intangible financial impacts of a cyber-crisis. The tangible costs include post-crisis restitution, additional legal and regulatory expenses, insurance fees, public relations and stakeholder notifications, and additional costs to make the situation right. A growing concern for law firms, however, are the intangible costs associated with reputation, include lost clients, lost contracts, disruption of service to remaining clients, name devaluation, and lost intellectual property. The Ponemon Institute’s 2016 Cost of Data Breach Study: Global Analysis indicates that average crisis recovery costs have increased 29 percent since 2013.
Not only are the costs associated with a breach growing, but the odds that your firm may experience a breach is escalating, too. Data from the Symantec Internet Security Report suggests there is a 26 percent increased chance that your organization could face a cyber-breach within the next 24 months. Thus, savvy firms will not only invest in preventive measures to avoid a crisis, they will also thoroughly plan their crisis-incident procedures and crisis communications long before they ever need them.
Growing Importance of Swift Response
Crisis communications planning has become critical to reputation management and recovery in the aftermath of a crisis incident for several reasons. First, we live in a 24/7 news cycle that is itching for new material in an ever-competitive media environment. Yesterday’s daily newspaper, radio stations, and selective broadcast networks are being threatened by cable news, bloggers, social media, and satellite radio, and they are all vying for the latest news story to retain their audience and capture ad revenue.
Another challenge we face is the growth of non-reputable news sources and the advent of amateur reporters uploading inaccurate social media posts and blogs to a growing fan base seeking salacious news. Regardless of the truth, once it is out there and shared, you may be losing the uphill perception battle, so how quickly you communicate your response is critical.
What Can You Do?
The key is to develop a tool kit of communications strategies and messages so when a crisis hits, you can begin the counter-measures quickly, lead the narrative, and ensure your story is the one being told. Critical to any communications plan is organization: conducting a media audit, creating key messages for pre-identified audiences, knowing who the spokesperson or people are, and having them trained for the camera in advance. But it doesn’t end with the crisis. Recovery planning is every bit as essential to regain lost credibility and should be an essential strategy of any crisis communications plan.
Where does a firm begin? The next installment of this series will include strategic planning steps to consider when preparing your crisis communications plan.