Jonathan Pearl on responding to the mass cyber-attack on Sony Pictures

In 2014 when film, The Interview, about the assassination of North Korea’s Kim Jong-Un went from being a harmless spoof to the cause of a mass cyber-attack on Sony Pictures, Jonathan Pearl was Sony’s General Counsel in the USA. Bringing together his legal expertise and technological savvy, communications firm, Montfort, hears Jonathan’s crisis management pearls of wisdom on communications, how to mitigate long-term reputational damage and retain public trust when hackers do their worst.

Cyber-attacks are not an if, but a when

First of all, with cyber criminals working round the clock to beat security systems, companies should accept that complete safety from cyber criminals is impossible.

“When you have literally thousands of people dedicated to getting into your systems, it’s just a question of when they get in, not if”, Jonathan Pearl warns.

Instead, he suggests, companies should be prepared for how to respond to cyber-attacks focusing on being able to understand whose and what data the criminals have been able to get their havoc reeking virtual hands on.

Transparency and planning are the best tools in a crisis management toolbox

“I think the most important thing is to be transparent with people”, Jonathan says.

Essentially, the earlier consumers can be told what data has and has not been affected the better for the consumer and their trust in the hacked company. It gives customers a chance to change passwords and the company the opportunity to demonstrate they have regained control to ‘handhold’ customers through a stressful time.

To do this, Jonathan says, companies must know how to ‘marshal’ their troops to quickly manage concerns of the press, stakeholders, partners, and crucially, employees whose data may also have been affected.

Otherwise, he frankly warns, “one thing is for sure, if you haven’t prepared you will make terrible, terrible mistakes”.

Legal implications vs reputational cost

As a lawyer, Jonathan explains that crisis management is more of a ‘PR exercise’ than it is about the law.

If communications are handled incorrectly, he says, “the implications for your share price can be much, much worse than the lawsuits you're going to have as a result”.

And thus, even where saying sorry could be viewed as admitting liability in court, he warns that not taking responsibility right off the bat for any wrongdoing could be a company’s biggest reputational, and a costly, faux pas.

“It's not acceptable to say our lawyers told us not to say anything to you.... It just won't wash with people and you'll upset people more than is really necessary,” he explains.

Agility, hacks and most an important lesson

In recounting the extraordinary details of the 2014 Sony Pictures hack, which saw private and damaging communications of senior executives released, Jonathan says each cyber-attack management case is distinct with its own dynamic learning curve. However, if there had to be one rule of thumb for all scenarios, it would be having an agile team of professionals who can refocus communication efforts on a daily basis to put out fires wherever they ignite.

Discussed in this podcast episode:

Meet Jonathan Pearl, technology and legal advisor
Cyber attacks are a certainty 
How to save public trust and protect company reputation
The importance of communications over law
Details of the high profile Sony Pictures cyber attack 
Tips and advice for budding crisis management professionals 

Links

https://montfort.london/
https://www.concordian.net/about
http://www.legal500.fr/assets/pages/gc/interviews/jonathan-pearl.html
https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea
https://www.kaspersky.com/blog/operation-blockbuster/11407/