SolarWinds, Peloton Show Importance of Seeing Crisis as Long-Term Endeavor

A school of thought argues that a crisis never ends. Reminders can crop up years later. And digital technology now makes it easy to find and post words, images and video of long-ago crises.

Then there are a few crises that actually don’t end. At this moment, it’s not easy to see the pandemic ending.

And the frequency of cyberattacks against large targets makes it seem cybercrime will never end. As we went to press, Accenture admitted Aug. 11 it was hacked.

While cybercrime has existed for years, it seems it started late last year with the SolarWinds mess.

Since linked to agents of Russia’s SVR intelligence agency, SolarWinds broke through last Christmas, when news coverage was all-COVID-19, all the time. Its potential for disruption spread to 33,000 public and private customers, as well as U.S. government agencies.

And SolarWinds has legs. It continues to generate stories as more information leaks about it. As soon as a cyberattack is spotted, one of the first questions to arise is whether or not it’s linked to SolarWinds.

And just when you thought cyber would recede from the news cycle after it dominated the June Summit between President Joe Biden and Russian leader Vladimir Putin, Russian hacking returned it to the headlines.

In July, the Republican National Committee revealed it was hacked. Initially, SVR was considered the culprit. Days after the July 6 announcement, another Russian hacking group, REvil, claimed responsibility.

It’s not as if cyber’s longevity, and SolarWinds’s in particular, is unexpected. Cyber communication experts Kaylin Trychon, then a VP at ROKK Solutions and now at Google, and Kristin Miller, director, Ping Security, told us in January 2021, when we wrote about SolarWinds for the first time, information about this breach would dribble out for months, if not years.

When we next visited Trychon and Miller for the debut of the Crisis Never-Ending feature in March 2021, their January prediction held. It still does.

A takeaway is that cyber begs communicators to take a long-view of crisis.

Besides establishing back-up channels so you can communicate during a cyberattack, expect fallout to last months, if not years.

This argues in favor of hewing to crisis basics early on: Issue a prompt, be authentic in your response, be transparent and communicate plans to bolster your network.

Other Lingering Crises

Yet the premise of this column is that all sorts of crises can linger.

Consider Peloton. Owing to COVID-19 and shuttered gyms, demand for its stationary bicycles doubled in 2020. Meeting demand was Peloton’s biggest ‘issue.’

The company was soaring for much of early 2021, too. Then came problems with its treadmills. For months, critics alleged they were unsafe, leading to 29 injuries and at least one death.

Initially, Peloton held firm, downplaying criticism, including from the federal government. It also deflected blame, insisting its treadmills were safe when users followed directions.

In May 2021, Peloton succumbed, apologizing and admitting it acted too slowly. It agreed to recall its treadmills and halt sales of one model. It was a blow to Peloton’s reputation and finances. Still, with shares gaining 434 percent in 2020 and revenue doubling (vs 2019) to $2 billion, Peloton was riding high.

There were cracks, though. Peloton investors got nervous about the future. Should the pandemic ease or end, gyms will reopen and demand for Peloton products would fall. Indeed, Peloton shares lost about 25 percent of their value since Jan. 1, 2021.

Did this financial crunch lead Peloton to make a desperate move? Perhaps.

In late June, it removed an option from its Tread+ treadmill that let users walk on the machine without connecting to Peloton’s $40/mo digital workouts.

Essentially, critics said, the company was forcing customers to pay a monthly fee for the privilege of using a treadmill they’d bought for $4,000. Peloton claimed removing Just-Run was a safety.

After customers complained, Peloton backpedaled. It promised the fee was temporary. At our press time, The Verge confirmed Peloton made good on that promise.

Still, for a company with a dinged reputation, why mess with customers, even for a limited time?

Gail Strachan, a Toronto-based crisis and PR pro, accepts at face value that the Just-Run option was a safety issue. Still, she says the company goofed when it failed to hold a “thorough conversation with stakeholders” prior to adding the safety charge.

Yet should it emerge that Peloton was masking a revenue enhancement in the name of safety, the reputation damage will be “substantial,” she says.