Sometimes it’s easy to look from the outside and say: “well, that’s not how I would do it.” It’s not until you are in the middle of a crisis that you really know how you would react. Even the best laid plans and all of the business continuity drills in the world can’t prepare you for the real thing.
Last week, Garmin (the maker of GPS-enabled wearable devices) experienced a crisis when a cyber-attack took down all of their online systems. There has been a lot of criticism in the media about their handling of the crisis. My question is this – what would you do?
On Thursday 23 July, Garmin’s online services were interrupted, including website, customer support, applications, and company communications. Almost everything that you use to communicate to the public and your staff is gone. Business continuity planning typically considers one system is down, or you can communicate internally but not externally. They lost it all.
If you’re Garmin, you immediately begin to assess the nature of the attack and trying to get systems back online. You call your crisis team together. You need to tell customers why they can’t track their runs, why planes can’t fly and why boats can’t navigate (turns out they do more than just fitness watches). You can’t use the apps, messaging services or your website. You turn to social media.
Sure their posts were a little uninformative:
What would you say if all you know is your online systems are down, and you don’t know why?
Across all channels (Twitter, Facebook, Instagram) and on all country pages, they posted once a day. They provided FAQs on the website (when it was back up). By Monday they had made a public statement announcing there had been a cyber-attack, but no customer data had been lost.
Should they have spoken to the media earlier? Probably. Should they have been more transparent that it was a hacker? Maybe, depending on what the hacker was demanding and what the police were recommending. A little more understanding and empathy for their clients? Probably, but it wasn’t life or death and If we take them at their word, no personal information was lost. I think they could have appeared a little more human in their communications shown more understanding of how frustrating it was for users.
What impact will this crisis have on Garmin? I would say very little over the long term. Has trust been lost? Maybe, but probably not for long. Most commentary that I looked through on social media was followers joking about not wanting the world to see how slow they ran. Users wanting answers about when their data could be synced and when they could see the map of their runs. Will there be financial implications? Probably initially, but in the long run, Garmin has a strong brand, and most people buy it for its features, not its data integrity.
I’m not a Garmin user so this was just my assessment from the public view of the problem. If you are a user, what was your perspective? What could Garmin have done better?
If your organisation was in this system, what would you have done differently? What can you learn from this experience?