What is the blog about

This blog is the platform for the class of 2019 in the Master Elective Public Relations, Media & the Public, where students post blogs and interact about current issues in Public Relations and about the latest findings in Public Relations research.

Thursday, October 10, 2019

Blogpost 3 by Iris Weerdenburg

Source: www.entrepreneur.com/article/311308












‘Marriott Data Breach’ or ‘Starwood Data Incident’?

By Iris Weerdenburg
October 10, 2019

A recent blog by Zalfa Farah took me back to a lecture I attended about a year ago in which I was introduced to the topic of crisis communication. In this lecture, the communication response by Marriott International Inc. to a huge data breach at their subsidiary Starwood was given as the example of how organizations should definitely not deal with a crisis situation.

In her blog, Farah approaches Marriott’s crisis strategy from an academic perspective, e.g. by applying the CONSOLE-tool. However, I think we can take some more lessons out of this case. Hopefully, by learning about Marriott’s failure, we can make sure a comparable situation won’t happen to us in the future.

Crisis? Crisis!
In case you haven't heard about this breach, I'll quickly sum up what happened. The crisis entailed one of the largest cyber-attacks ever, exposing the personal information of over 500 million guests of the hotel company Starwood. Whereas Starwood was taken over by Marriott International in 2005, the latter was held (partly) responsible for the situation at its subsidiary. 

If you want to know more about the case, watch this video by CNN Business

So what to do now?
Since every crisis is unique, there isn’t one ready-made manual that tells you exactly what to do in times of crisis. However, there are many theories that provide some guidelines. Looking at the response of Marriott, they were probably unaware of these theories....

 Marriott, you're making it even worse...
Source: edition.cnn.com
The overarching strategy of Marriott was to completely distance itself from the situation: they denied a crisis on their behalf and referred to Starwood. According to one of the first and most prominent theories on crisis communication strategies by Timothy Coombs, pointing at a group outside of your organization is named the scapegoat strategy. The only situation in which this strategy can be a good idea is when there is a false rumour circulating and you sincerely have nothing to do with it. However, in this case, it does not make sense to use this strategy at all. Firstly, because the crisis is based on facts instead of rumours and secondly because Starwood is a part of Marriott, so it isn't an external organization. 

 Moreover, Marriott also tried to frame the crisis situation: whereas the media approaches this crisis as the ‘Marriott Data Breach’, the organization itself sticks with ‘Starwood Database Incident’. In other words, Marriott tries to frame this crisis into something they are not involved in. However, from a recent publication also referred to by Farah, Marriott should have known that this strategy doesn’t work, since the news media often reframes an organization’s crisis response anyway. Nice try, Marriott.

Last, it’s striking that Marriott only posted one Tweet (and three responses) about the breach. The next day, they went on with their normal posting behaviour like nothing happened. They did publish a press release on their website, but as academic research showed out, Twitter is found to be the leader medium in times of crisis, so their focus should have been on this medium. They should have posted the information on Twitter or at least refer to the press release once because in this way people are unaware of the existence of the press release.

The Twitter feed of Marriott International Inc. on the day of and after the data breach

 As Farah mentioned, you can imagine that the general consensus is that the company failed to provide reassurance to their clients and made the situation worse by denying its involvement. So, what would have been a better approach?

Perceptions versus reality
First of all, Marriott should have never denied its involvement in the crisis in the first place. Whether Marriott is directly responsible for the breach at Starwood or not, it is about being perceived as responsible. Therefore, before distancing itself from the situation, Marriott should have thought about a famous quote by William Benoit: ‘perceptions are more important than reality’. In other words, because Marriott is perceived as responsible for an event that is experienced as negative or wrong, they were in a crisis and they should have acted like it. And how could they have done this?

Some recommendations
Again, we go back to the Situational Crisis Response Theory by Coombs. Since the crisis was due to a technical-error accident, the attribution of Marriott to the crisis is low. Therefore, they should have chosen one of the strategies to diminish the situation, instead of denying it. This means that they could have chosen to minimize the damage or to excuse for the situation. Looking at the impact of the breach, the first strategy wouldn’t have been appropriate. Therefore, Marriott should have excused for the situation by denying intent to do harm and by claiming inability to control the event that triggered the crisis. And by doing that, they should have shown some genuine concern towards their clients. Not only because this is scientifically proven to be the best way to deal with a crisis, it's also seems from common sense, right?

 -------
About the authorIris Weerdenburg fulfilled her bachelor’s in political science at the University of Amsterdam. Her interest in the field of communications grew because of her work experiences at a PR-office and the communications department of De Nederlandsche Bank. At the moment, she is finishing up her master’s in political communication, also at the University of Amsterdam. Click here to see her full resume. 



Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)