Last week I said there would be more to come on this story – and there was…
M&S stops online orders and issues refunds after cyber attack – BBC News
Mixed Messaging
It appears to me that the main complaint from customers is not that services are unavailable or that there is a cyber incident at all – it is about the poor and sometimes conflicting communications from M&S. Interestingly M&S stock dropped 5% – probably due to this cyber-attack – so I wonder how much of the messaging was not from the IT/Cyber support and Customer Support departments but from the department responsible for the stock value of M&S?
A cyber incident is a problem for an organisation – to state the bloody obvious. How the organisation is seen to respond to the challenge will determine how their customer base, stock price and reputation rebound after the event. Trying to preserve all three of these during an incident is probably not possible. Choices need to be made and to help make those choices the truth will help.
Your Takeaway
I wrote about incident communications as part of my Ransomware Primer – if you have not read it, you should. Although it primarily covers ransomware the advice will help with other incidents as well.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Try this for a little light relief on this story: Because It’s Friday – What is a planet?
Image Credit: Clive’s Blog – The Original Marks and Spencer store.
