The Microsoft outage on 19th July, caused by a software update issue by cybersecurity company CrowdStrike, likely seems a dim and distant memory to most of us. Many organisations impacted by the outage recovered relatively quickly. A poll among our expert network of IT and business professionals, the Vanson Bourne Community, found that 82% of those who told us they were affected were back online within one working day. But what about CrowdStrike? What’s the been the impact on their reputation and brand? And what lessons can other companies take from it, should they ever face the same?
No such thing as bad PR
On the one hand, you could argue that this has been a brand awareness boon for CrowdStrike. If you had asked someone on the street what CrowdStrike is and what it does on the 18th July, the chances are you’d have been met with a blank face and a shrug of the shoulders. Ask them on the 19th July and they might have said something dramatic like “that’s the company which broke the world”. Everyone now knows what CrowdStrike is. It has become a household name overnight.
On the other hand, many might consider it an unmitigated disaster. Their share price fell by 32% in the 12 days following the incident, they are facing lawsuits from investors and Delta Airlines passengers, whilst Delta Airlines themselves are threatening legal action over the loss of $500 million resulting from the outage. This is not to mention the impact on CrowdStrike’s relationship with current and potential future clients. Indeed, a poll of our Vanson Bourne Community revealed that 74% have a lower level of trust in CrowdStrike following the outage, including those not affected. Over two-thirds (68%) are now unlikely to recommend CrowdStrike as a cybersecurity provider to their organisation.
How can CrowdStrike (and other brands who might face such challenges) recover from this? What are the long-term impacts on its business and client relationships? How can they rebuild trust? I recently sat down with members of our Vanson Bourne Community and asked them for their thoughts.
How important is trust in IT vendors anyway?
It turns out it’s very important. Trust and reputation are critical considerations for our Community members when selecting technology vendors, more so in many cases than price. They are the cornerstones of the vendor/client relationship. Vendors build this trust over time through performance, personal relationships, and their responses to challenges. If a vendor does not respond well to a crisis, learn from failures, or implement measures to prevent a recurrence, this will damage trust further and likely lead to the ending of the relationship.
So how can CrowdStrike rebuild trust?
Immediate and clear communication is vital, both throughout the crisis and after it has been resolved. Nothing is more annoying than a delayed flight, but the frustration is made ten times worse when you don’t know when the flight will actually take off. The same is true for IT failures; what’s the problem, what are you doing about it, and, most importantly, when will it be fixed?
Crisis management is crucial. The Community members I spoke to emphasized the need for regular updates throughout a crisis, using layman’s terms to ensure all stakeholders understand the situation, regardless of their technical knowledge.
Mixed views emerged about how well CrowdStrike performed on July 19th. Some felt that updates were lacking, and explanations were too technical. It seems the communication boat may have sailed for CrowdStrike. Or has it? Perhaps not entirely…
Transparency and communication should continue after the incident. Community members emphasized the need for vendors to acknowledge mistakes, put their hands up and admit they got it wrong. Indeed, CrowdStrike were applauded by many when their President, Michael Sentonas, accepted the “Most Epic Fail” Pwnie award in person at the Def Con hacking conference in August. Perhaps they have managed to claw back some ground with that one.
Vendors also need to learn from their mistakes. They should conduct a thorough ‘lessons learned’ and put steps in place to prevent the incident happening again. It’s essential to clearly communicate these improvements to clients to rebuild confidence and trust. Clients want to feel reassured that the problem won’t happen again.
This is, almost inevitably, still a work in progress for CrowdStrike at the moment. They have identified a number of actions, including improving its testing processes and staggering update roll outs in future. However, it is going to take time to demonstrate to clients that these remediations are in place and effective.
How will they know it worked?
This is where conducting brand research can help CrowdStrike and other companies impacted by crisis events. Typically conducted annually, but often with an ongoing tracking element, it would offer a benchmark measurement to assess the impact of such scenarios against – and help formulate an effective response.
It shouldn’t just focus on one metric, but instead offer a range of insights to base their next decisions on. From uncovering an event’s impact on funnel stages such as awareness and consideration, through to how the perception and importance of certain brand attributes might change. Trust being a key one.
As a result, brand insights will enable them to identify gaps and opportunities to better engage their customers – as well as inform their future plans around positioning and messaging. In a fast-paced market like technology, these insights help brands not only keep pace but also recover quickly after crises.
Want to know more about brand research?
Let’s talk! At Vanson Bourne we offer a range of brand research capabilities. We help you understand your brand health and identify opportunities on how to engage with existing and new audiences. Get in touch to chat to us about your objectives and how research can help drive your business forward.