These are the big lessons from the Optus outage

These are the big lessons from the Optus outage


1. Respond quickly

It took almost five hours after the outage for the Optus CEO to pick up the phone and call Communications Minister Michelle Rowland.

It took another two hours – seven hours after the crisis began – for the company to respond publicly in a meaningful way.

It meant Rowland and other federal government ministers were left to respond to the media and largely blast the telco and its CEO for the failure.

“The delay in the CEO’s response allowed other stakeholders to control the narrative and diminished the effectiveness of her response,” FTI Consulting director Renée Law says.

Asked in one interview if the company could have communicated better, Optus CEO Bayer Rosmarin said, “No, I don’t think so”.

It seemed to reinforce the mistakes which arose after Optus was scarred by one of the biggest public cyberattacks this country has seen in late 2022 and sent a message the company and CEO had not learnt from their mistakes.

2. Explain the problem

When Optus CEO Bayer Rosmarin eventually did front the media, all she would say is that the problem was a “technical network fault”.

The Australian Financial Review reported that Bayer Rosmarin said the outage was too “technical” to explain. “There’s no soundbite that’s going to do it justice,” she added.

Only on Thursday did Optus confirm its parent company, the Singtel internet exchange, was the “international peering partner” which sent changes to routing information after a software upgrade, triggering the outage. It only added to perceptions the company was not being fully forthright.

Mahler says the public isn’t stupid and even if Bayer Rosmarin was limited in what she could say, she needed to do better to provide a credible, honest and forthright explanation to be believable and trusted.

3. Get the message right

When Bayer Rosmarin did eventually front the media, her body language and response seemed defensive and as Chanticleer noted, a little defiant.

“I don’t think it’s a problem with the communications. It’s a problem that customers wanted a different message,” she said. “We’re very, very sorry that it happened. But I don’t think it’s something unusual in the grand scheme of things when you’re operating a critical infrastructure.”

Optus chief executive Kelly Bayer Rosmarin talking last year about the hack: “We recognise the significant concern it has caused many people.” AFR

Bayer Rosmarin’s response downplayed customer anger and outrage. Mahler says that she should have employed what she calls the Kung Fu technique.

The metaphor means furiously agreeing with criticism, rather than resisting it – the way a martial arts fighter can use an attacker’s momentum against them.

“It you agree furiously with someone that it is terrible, and even reflect their words back to them, it really softens the exchange,” she says.

“It only works when people are in a heightened emotional state, or it can come across as insincere.”

She points to the tearful apology of former BHP CEO Andrew Mackenzie after the Samarco dam disaster as an example of a sincere response.

Mackenzie was commended for immediately fronting the media, apologising to the families affected and flying straight to the scene of the disaster in Brazil. He later gave up his $US4 million bonus over the incident.

4. Co-ordinate social media

FTI Consulting’s Law says companies tend to use social media well to get positive messages out but not so well when problems hit, even though most customers will turn to social media when trouble strikes.

“We’ve seen many companies develop their social media profile but through the lens of acquiring customers rather than protecting their brand,” she says. “In a crisis situation, you have to be very thoughtful about what is going out and make sure you are not clashing with your other communication.”

5. Be prepared

Herbert Smith Freehills partner Cam Whitfield and FTI’s Damon Hunt held a webinar this week after the Optus disaster where they discussed the importance of holding company simulations and real-time fire drills to prepare for a crisis.

While their focus was on cyberattacks – they say 28 per cent of boards have never run a cyberattack simulation – the lessons apply equally to other crises.

Natalie Botha, managing director of crisis-management firm Janellis, also talks about a methodical decision-making framework as key.

BOSS has previously broken down the firm’s 7-step framework which includes teams considering the most likely, best-case and worst-case outcomes and being prepared for a range of potential scenarios.

FTI’s cyber response starts with engagement: immediately engage a multi-disciplinary crisis team and put in place privilege protocols, as appropriate. Next steps include insurance implications; communications; regulatory notifications and key stakeholder management.

6. Compensate appropriately

As calls by government ministers and the public for compensation grew, Bayer Rosmarin resisted. “Refunding people for one day is probably less than $2,” she said, ruling out the idea.

Clearly, Bayer Rosmarin wanted to avoid opening up the compensation floodgates. But as the communications minister and various regulators pointed out, there are contractual and Australian consumer law provisions which cannot be avoided.

The Telecommunications Industry Ombudsman also operates a complaints scheme, which includes compensation and enforcement of industry codes.

Then Optus began talking about ways to say “thank you”. It was the sort of corporate speak which only infuriated customers further, Mahler says. By the time Optus offered customers 200GB of free data as compensation, the damage had been done and customers on social media labelled it an insult.



Source link