Sorry, Not Sorry: Did CrowdStrike’s CEO Really Owe the Public an Immediate Apology?

CrowdStrike blue screen during a giant global tech outage in July 2024

Last Friday, CrowdStrike pushed out a faulty update to its “Falcon” tool and all hell broke loose. The global tech outage that ensued left few industries unscathed: airlines, banks, healthcare and news media were all affected. Public and corporate panic erupted, alongside outraged demands for solutions now. Never mind that CrowdStrike is a cybersecurity firm led by George Kurtz, a CEO famous for writing “the bible of computer security”—the world wanted answers.

As with any high-profile crisis management situation, all eyes were on Kurtz and CrowdStrike for a response. And critics found his first communication wanting. “Where’s the apology?” was the refrain both in press coverage and on social media.

social media posts asking for an apology

But was the CEO really obligated to give an immediate apology? Here we examine some possible options.

Learn to Hold 'Em

With something as widespread as a global “blue screen of death” event, a CEO, his war-time consigliere and other strike team members must focus on identifying the problem and rectifying it tout de suite. Even as a communications professional who makes her living on the importance of PR, I know that in situations like these, tech fixes come first, and everything else falls in line after. Not to mention, gathering all applicable information is a key facet of handling a crisis communications situation effectively.

This is the exact reason a “holding statement” exists as a crisis tactic. It acknowledges the issue and demonstrates awareness and accountability for steps to be taken, but is otherwise quite short and unemotional. Kurtz’s post was, in effect, a more detailed holding statement that attempted to deliver reassurance at a time when concerns were boiling over.

Launch an Investigation

Once a solution has been deployed, the logical next step is launching an investigation into what occurred, whether it could have been avoided and how it will be avoided in the future. CrowdStrike has already launched a helpful microsite that includes expanded communication from the CEO, as well as important information, resources and updates on remediation. It even acknowledges that this issue will endure, mentioning “adversaries and bad actors will try to exploit events like this,” instead of trying to diminish the gravity of the situation.

Then Comes the Apology

Once the crisis begins to settle, the CEO (and, likely, his comms and legal teams) should turn their attention to delivering a thoughtful apology with all of the facts, solutions and next steps on-hand. This is an appropriate timeline of response, showing the organization values the security of its customers over the security of its reputation.

While it wasn’t the most mushy-gushy apology, it got the job done. CrowdStrike acknowledged the impact and disruption, took accountability, provided clarity on a solution and ongoing support, and used common language versus legal jargon. Plus, Kurtz was even willing to get grilled live on NBC’s Today, a risky move that reinforced the gravity of the apology.

If the public expects a CEO to deliver a “rip your heart out” apology for every blunder, they will be destined to become desensitized. Apologizing without understanding what truly happened, whether it was avoidable, how it can become avoidable and the true scale of consequences is hollow. An apology that is rushed out in advance of solving the true problem is a transparent PR play, leading to dilution of a powerful sentiment that will impact further crisis management down the road.

Apologies are a powerful sentiment, and should be wielded thoughtfully. But it’s important to remember that an apology is not the only tool in the crisis PR toolbox that signals you’re taking a crisis seriously.

Gabie Kur is the Senior Vice President, PR of Codeword, a communication design agency.