Crisis Communications (#40)

Garmin International (https://www.garmin.com/en-US/ ), is a company that “brings GPS navigation and wearable technology to the automotive, aviation, marine, outdoor and fitness markets.” Since Wednesday, July 22, the company has dealt poorly with a ransomware attack. Headquartered in Olathe, Kansas, Garmin is publicly traded on NASDAQ. According to MacroTrends, Garmin’s annual revenue for 2019 was $3.758B and their net income was $952M. The company’s 13,000 employees are led by Clifton Pemble, the CEO. I do not own a position in the company, but I do own a Garmin watch, own a bike computer, and use their software to upload my workouts to Strava and Training Peaks. The attack and the company’s disappointing response has caused the stock to lose 5.57% since Thursday. In an interesting twist, their 2nd Quarter Earnings Call is Wednesday, July 29 at 10:30 AM EDT.

The fundamentals of crisis communications are communicate early and often; address your customers, employees, local communities, and news media; and be as transparent as possible. Garmin, however, has executed a textbook example of how NOT to do crisis communications, starting late on Wednesday, July 22 after discovering the ransomware cyber attack.

Here is the Garmin Crisis Timeline:

As a counterpoint, when Home Depot discovered that 56 million customer’s credit card data had been compromised in 2014, the company notified its customers even before they had fully confirmed the breach. The next day they provided a web post and the day after the CEO held a press conference. Since then, the company has been recognized for its honest, accurate, transparent, and timely communication during the crisis.

In my view, Clifton Pemble, Garmin’s CEO, should have been front and center on multiple platforms explaining what happened, what Garmin is doing about it, and estimates on when Garmin is going to restore their services. As a battalion and brigade commander, I felt it was one of my most important roles as a leader — communicate the organization’s story, both during positive events and negative events. Instead, five days later, the CEO remains silent.

Garmin Logo

Garmin clearly didn’t have a standard operating procedure for their crisis communications, especially dealing with a ransomware or denial of service attack. If you are a small or medium sized business it is worthwhile to revisit your standard operating procedures for crisis communications, organize it using the OPORD format (https://www.thefivecoatconsultinggroup.com/the-coronavirus-crisis/the-opord ) and make sure you and your team know the plan:

Crisis Communications Plan OPORD

Scenario _________________

  1. Situation: (Each crisis you prepare for would have a different situation)

  2. Mission: (Who, What, When, Where, Why)

  3. Execution:

    • Leader’s intent

      • Purpose (A slightly broader why then the one used in the mission statement.)

      • Key Tasks (The How)

      • End State (What does success look like?)

    • Where do you assemble the team during the crisis? Who is part of that team?

    • Who is your spokesperson? The CEO? A member of the PR or Marketing Team?

    • Remember during the crisis the media’s and the public’s interest evolves:

      • First 12 hours — what happened?

      • 12-24 hours — who are the key players and what are their roles?

      • 24-36 hours — why did this happen?

      • 36-72 hours — evaluation of response efforts

    • How are we going to communicate in the crisis to:

      • The customers

      • The employees

      • The local community near where we work

      • The market

      • The board

      • Other businesses that are impacted by the crisis

    • How are we going to communicate on all the platforms:

      • Twitter

      • Facebook

      • Instagram

      • Web Page

      • Email

      • Our App

      • Traditional media

    • Draft messages at 12, 24, 36, 48, and 72 hours

4. Admin, Logistics, and Communications

The almost real-time example of Garmin’s poor crisis communications has caused me to lose a little respect for their brand. I am still waiting for them to get back on-line, communicate with me, and enable me to easily upload my workouts. It is also a good reminder to revisit (or build) your company’s crisis communications plan and make sure you and your team are ready to react to a hack, a hurricane, or other disaster.

Previous
Previous

The After Action Review, Part 2 (#41)

Next
Next

Written Decisions (#39)