Evidence from real-life events bolstered by research demonstrates that people increasingly use social media to get and share information in urgent situations. At the same time, anecdotal experience also bolstered by real-life incidents shows that many organizations are not using social media well—or at all—to communicate in crises. In general, they either think it’s not an effective way to reach their target audiences at all, or only effective for product and service marketing purposes.

Here are three reasons why they should reconsider:

1. Listening informs smart doing.

The first communications action we advise clients to take in managing a crisis is to start intensive real-time media and social media monitoring, analysis and reporting. It’s essential to know who is saying what so that decisions are not made in a vacuum. Is information in the public domain accurate? Are persistent or important questions unanswered? Are influential voices weighing in? Is concern escalating or waning? Without at the very least having the immediate capacity to listen, timely and effective responses to critical situations will be delayed. So even passive engagement is valuable.

2. Other players are.

In any kind of physical emergency, first responders like fire and police routinely use social media to alert people to the danger and provide them with instructions and the latest information. Think back to the Calgary flood or the Toronto ice storm for excellent examples of civic leaders and agencies communicating with citizens via Twitter to keep them up-to-date. They quickly became THE sources of accurate information. Regulators in many sectors including, food, pharma, financial services and natural resources are doing much the same.

In organization-specific crisis situations, the absence of the key player is noted and quickly becomes a focus of negative attention. It’s also a lost opportunity. Using social media provides a platform for conveying other important messages of concern for those affected, about actions taken and perspective that puts the situation into context; messages that only the affected organization can deliver.

3. Opponents, instant experts and uninformed observers are doing it too.

Social media is very democratic, giving anyone with a following some influence over not only the “facts” but also the perceptions of what has occurred. This commentary can spread rapidly and broadly, leaving enormous and lasting reputation damage in its wake. Organizations that allow misinformation and innuendo to go unchallenged and uncorrected do so at their peril. If damage occurs on social media, it must at least be addressed on social media, although interaction may simply take the form of tweets and posts that link audiences to statements or that redirect them to corporate websites. It can also be used to correct or update the facts without getting into debates or arguments that serve primarily to add credibility to critics and opponents.

But an effective social media presence can’t be established in the midst of a crisis. Organizations need to create a presence on the platforms they choose in advance, find an audience and establish the rules of engagement that will govern online behaviour in an emergency. This is simply an element of good crisis planning.

It’s impossible to think of a crisis today that doesn’t start, unfold, escalate and/or resolve on social media. There’s no virtue in ignoring that reality and at least three reasons to embrace it.

Jane Shapiro, SVP, National Practice Leader, Corporate Communications, Crisis Communications and Issues Management, H+K Strategies Canada

The consensus is clear: it is no longer a question of if your business will experience a cyber-attack, but rather when and how that will occur. We are far and away the most experienced cybersecurity communication partner out there. And choosing a partner for something like this is a bit like choosing a surgeon. It’s great to have someone with a subscription to the medical journals; far better to have one that has done the procedure – more often and more successfully, than anyone else.

Cybersecurity threats have affected some of the best-known companies and institutions – including the federal government and leading academic institutions. Hundreds of millions of Americans have been adversely impacted in recent years and that trend is not abating. We now see upwards of one data breach reported per day, and the number of affected records is approaching 1 billion worldwide.

Cyber incidents occur suddenly and are most often seen first in the rear view mirror. They pose an existential threat to sensitive personal information, confidential commercial data, physical systems, financial assets, commercial strategies and intellectual property. As the trove of data stored in networked systems continues to grow exponentially, the pace of the threat is quickening and the average scope and scale of the impacts is growing as well. And with each successive incident, stakeholder expectations of breached organizations increases.

When a cyber-attack occurs, demonstrating competence is essential. Changes in media – the ways consumers, investors and other stakeholders access and act on information – make previously successful strategies obsolete today. Ineffective media relationships can lead to a loop of negative coverage. Social media offers channels for engagement, but without the right strategy and messages, those tend to flood with criticism.

Acting to preemptively bolster competence and reputation is the best strategy to weathering a cyber-incident, but effectively preparing for one requires skill, experience, adequate resources, smart thinking and leadership.

We have a proven system to efficiently assess and weight the risks an organization might face so that planning can address real and imminent threats. With a better sense of the threats in play, we work with our clients to develop or upgrade incident response plans and line up the requisite assets so that the organization has a better sense of what to expect. When it’s necessary, we’re able to deploy teams quickly to add internal resources and offer immediate insights for managing through a cyber-event. Utilizing previous experience and proven best practices to inform communication strategies and tactics, we stay engaged for as long as necessary to help guide our clients through the complexities of the response, follow-on investigations, litigation, or regulatory actions.

Cyber incidents tend to produce a string of focusing points months or even years after the initial announcement. Having a responsible partner in place before the incident will exponentially improve the quality of the outcome as well as the cost of the incident.

We’re ready. Are you?

Kevin R. Elliott. Senior Vice President and Director, U.S. Risk+Crisis Communication Practice