Maybe hiding money under the mattress isn’t such a bad idea after all.

One could easily come to that conclusion after reading “Cyberwar: The Threat from the Internet” lead commentary and lengthy analysis in this week’s “Economist” The cover piece should be required reading for public relations professionals, especially those working for entities managing extremely complex and sensitive digital data (e.g. defense agencies/contractors, stock exchanges, banking institutions, major retailers, hospitals, public utilities, insurers, air traffic controllers…).


These institutions may even want to seriously consider hiring from what should be a new class of communications professionals with extensive backgrounds in not only crisis management PR, but also with a keen understanding of computation, IT and/or electrical engineering.

Is this just an ill-timed call for another SG&A (selling, general and administrative) expense at a time when we very well could be staring in the face of a double-dip recession? Here’s another question to ponder: How expensive will it be if entire communities are indefinitely deprived of power, denied access to financial resources or discover that their sensitive personal information has been compromised? We can be sure that not all of impacted people in these unfortunate circumstances would have been wise enough to hide sufficient hard-earned cash under the mattress or in the coffee can.

Last February, this blog recounted the State of California’s 1989 response to the massive 6.9 on the Richter Scale Loma Prieta (Bay Area) Earthquake, a more conventional crisis communications incident.

Recently, we read about the recurring Toyota recalls, the seemingly out-of-control NYSE-computers that plunged the market nearly 1,000 points in less than 10 minutes, and of course, the Mother of All Oil spills, BP’s environmental (and public relations) nightmare in the Gulf of Mexico.

In each of these cases and others that are similar, the text-book crisis communications response really boils down to the journalistic who, what, when, why, how and most important what is being done about it. We can measure the Richter scale reading for an earthquake; count the number of Toyotas that were recalled; determine the staggering amount of market capitalization that is lost when the NYSE computers decided to get a mind of their own, and measure (and measure again) the number of gallons per hour of crude that are pouring into the gulf.  More importantly, we can usually respond expeditiously about what happened and what is being done to rectify the problem, even in this age of ever-shrinking news cycles.

We have all read more stories than we care to count about the vast potential of social media in successfully branding an organization. We also know of examples of how these same digital tools can quickly undo even the best marketing and branding campaigns very same Internet has even more potential to promptly wreak havoc on any organization, including entire countries.

According to the Economist, more than nine-tenths of Internet traffic travels by means of undersea fiber-optic cables, some of them bunched up in not-very-nice places including the Red Sea, the Horn of Africa and the Luzon Strait. About 90 percent of the 140 billion e-mails sent daily around the world are spam, and about 16 percent of these are money-making scams. The US government believes that $1 trillion is lost each year to cyber crime.

What happens in a denial-of- service (DDOS) attack impacting thousands, if not millions, of personal financial or medical records, shutting down regional energy grids or making it impossible to simply access money? Who is the culprit? The answer is obviously somebody, some group, some competitor, some adversary, some nation with access to the Internet. One of the first public relations problems associated with a cyber attack is going to be purely diagnostic: What happened? Why did it happen? When did it happen? Who is responsible? What is the extent of the damage?


If you have no concrete responses to these questions how can you offer solutions to editors, reporters, analysts, bloggers who are demanding immediate answers? And if you do not have enough credible information to provide intelligent commentary, will journalists allow you to buy time? Or will they turn to others for quick answers to provide copy and fill air time? And what are the agendas of these other “sources?” Are they the same as your agenda? For better or for worse, all voids are going to be filled one way or another.

As we can see through the example of the 2008 compromise of the personal records of 285 million Verizon Communications customers, these cases will surely recur the future. Do they constitute warfare? Corporate espionage? Terrorism? Vandalism?  One thing is certain, large organizations will benefit from those who know not only how to manage information and calmly communicate in the cyber crisis’s’ of the future. They will be crisis comms pros, who will also have a working knowledge base about the digital systems that are vulnerable to attack via the Internet and can describe complex IT systems in plain understandable English or whatever constitutes the vernacular.

And in the case of outright theft or foul play, an organization will need to cooperate directly with law enforcement or in certain cases national security. If the cause is not just sinister intent, but real or perceived lax IT security by your client, then you can be virtually assured that the trial bar will see an opportunity to tap deep pockets on behalf of aggrieved “plaintiffs.”

Whether an organization decides to hire a new breed cyber crisis communications specialist or not, we do know for certain that the Internet-driven world of the 21st Century has brought forth a variety of new digital opportunities and threats that were not even conceivable a mere generation ago. Welcome, regardless of whether you are ready or not or whether you agree or not, to the brand new world of cyber crisis communications.