Commentary: How Facebook’s Response Ignited the Cambridge Analytica Scandal
In a crisis, it’s not the event itself that counts. It’s the response.
Unfortunately for Facebook’s shareholders, it appears Mark Zuckerberg, Sheryl Sandberg, and the company’s other leaders did not understand this basic rule of crisis management when handling the Cambridge Analytica scandal.
For my 2017 book, Chief Crisis Officer: Structure and Leadership for Effective Communications Response, we looked at more than 12,000 statements of companies in crisis. Here’s what we found: In every single crisis that made front page news, there were certain common elements. The most noticeable? In each and every case, the company in question screwed up the initial response—and that, rather than the severity of the event itself, was what made the event a crisis.
From United Airlines to Equifax to Target to Sony, even going back to the BP oil spill, in each case, the first days or weeks of the crisis were characterized by fumbled responses, statements that corrected prior statements, and falling back on legalisms and obfuscation. Then the company found religion, got its act together, and started repairing the considerable damage that had been done.
But often for the organization, it was too little, too late.
In Facebook’s case, CEO Mark Zuckerberg finally responded, after days of delay, to the Cambridge Analytica data crisis facing the company, appearing on media platforms to explain that mistakes were made, apologize, and vow to set things right.
Zuckerberg did a decent job defending the company in these interviews. But nearly every story was preceded by numerous questions regarding the silence of the company and its inept initial response—both to this and other recent crises—going back to questions regarding Russian actors’ use of Facebook to manipulate the 2016 U.S. presidential election.
Based on our research, in fact, there can be little doubt that the speed and impact of a company’s communications response to a crisis makes all the difference. Consider the Toyota sudden acceleration crisis that made headlines in October 2009. It wasn’t even the biggest auto recall that month. Between September and October 2009, Ford initiated a recall of 15 million vehicles with overheating switches in cruise control systems, the second-largest auto recall in history.
Toyota’s recall didn’t even crack the top five, but it’s the one we remember most. After news of the defect broke, company executives spent months emphatically denying that any sort of problem existed, and continued to deflect blame until both its U.S. head and worldwide president were hauled before Congress to explain what happened. Ford, by contrast, issued two voluntary recalls, and did so in such a straightforward manner that the head of the National Highway Transportation Safety Agency commended the company for “stepping forward to resolve [the] issue.”
There is a cliché in the crisis response business that you can’t plan for everything. Like most clichés, however, this is only partially true. While you can’t plan for every variation of crisis that might face your organization, you can plan for crises that are closely related to your main business functions. And in virtually every case we reviewed, the front-burner crisis involved an episode at the core of the company’s business—in other words, it was foreseeable.
With the advent of modern technology to facilitate a swift communications response, you can prepare for a sudden crisis in the future. Yet few companies do so properly. Instead, they wind up desperately responding to what’s falling apart at the moment, with little thought about the day after.
Finally, modern leaders often act detached as a crisis unfolds. Remarkably, many of these corporate leaders and companies are still working from the playbook developed by Johnson & Johnson over 35 years ago, when people began dying due to cyanide being maliciously injected into Tylenol pill capsules. Johnson & Johnson was lauded in its response to the crisis, but this occurred in the days before social media, the Internet, and 24-hour cable news, when careful consideration as to the tone and content of public communication could be timed to a daily, weekly, or monthly news cycle. Information now moves at the speed of the next tweet or Facebook post, and crisis plans that haven’t evolved are left on shelves gathering dust.
Companies’ legal counsel and advisers, who perhaps were trained during the cyanide-in-Tylenol days, fall back on old maxims that no longer apply—such as “We will not comment on an ongoing investigation” or “We’ll inform the public as soon as when know the complete facts.” In this modern environment, such responses can be deadly. Even if a company doesn’t know all the facts, and even if its investigation is ongoing, it needs to reassure the public that it understands the severity of the problem and their concerns, and that it has the crisis under control.
Equally deadly is a sense on the part of corporate leadership that nothing can be done once the crisis begins. It’s Facebook’s turn this week, leaders think, and next week it could be us—but there’s precious little we can do in a crisis except to keep our heads down and wait until public attention moves on to someone else. You would never find this type of thinking in any other area of corporate planning, yet based upon the interviews conducted for my book, it is a frequently used excuse for not planning at all.
Companies of all sizes, and in all industries, need to understand that effective crisis communications response requires proper leadership, structure, and technology. Organizations should have a permanent internal team tasked with continuous monitoring and management of crisis events and a crisis plan always at the team’s fingertips—via laptop, tablet, or smartphone.
If a company’s crisis plan is a binder sitting on a bookshelf gathering dust, its greatest use will be in propping the door open as executives run from the building when a real crisis breaks.
James F. Haggerty is an attorney, author, communications consultant, and founder of CrisisResponsePro.