How a crisis can turn a CEO into a leader

How a crisis can turn a CEO into a leader

As a CEO, I can’t think of many things worse than an urgent, middle-of-the-night phone call. Except, perhaps, an urgent, middle-of-the-night call on Thanksgiving. 

So it was, though, when my phone buzzed at 3:45 a.m. Thanksgiving morning in 2014. My company’s co-founder, was on the other end. 

“Patrick, this is going to be an interesting day,” he began. That was quite an understatement. Gigya, our company, had just been hacked by a group calling itself the Syrian Electronic Army. The most immediate impact was that on hundreds of the most popular, consumer-facing websites around the world, our registration and social login service was redirecting users to a site displaying an image of the Syrian flag.  

It was a real gut punch. I’d been excited about finally getting a break at the end of a hectic year. I was running a fast-growing team of nearly 300 across 6 offices, had just raised a big late-stage round of funding, and expectations were high.

On top of all that, I had a one-year old and a two-year old at home, and my family was flying in later that morning to join us for the holiday. I had a great weekend agenda that mainly involved eating far too much, watching football, and taking naps.

What played out instead over the next few days definitely wasn’t ideal—but it had its own rewards. While Thanksgiving with the family didn’t go quite as planned, the experience taught me a lot about how to manage a company through a crisis. I also know it made me a better leader and our company stronger. Here are several takeaways from that experience I’m truly grateful for. 

Quickly assess what you know and what you don’t 

As we took stock of the situation, we felt that the clock was ticking. But we also didn’t immediately really know that much. We had to get the word out to customers and the public as soon as we could. We knew we’d been hacked, but we didn’t know the cause yet, and weren't completely sure if anything else had happened. 

As a leader, dealing with a crisis starts with getting clear on what you know and don’t know. You can’t just rely on your direct reports in these situations; you may have to get to the front-line workers that have the information and speak directly to them.  

It was lucky, in hindsight, that we had a team in Europe working on Thanksgiving. Within an hour, our team pinpointed the cause of the hack—a breach of our domain registrar, meaning neither the Gigya platform itself nor any customer data was compromised—and made a fix. Further, within a couple hours we found a security specialist to validate our findings and fully assess the damage. And by the time everyone in the states was waking up, we had a solid diagnosis in hand and I could turn our attention to communication.

Communicate with speed, transparency

It’s critically important to communicate quickly and clearly during a crisis—with the board, employees, customers and partners. Communication is the opportunity to rebuild trust, or in the case of lack or mis-communication, destroy it.

All this is easier said than done in the heat of the moment: When you’ve just discovered you’ve been hacked, every bone in your body initially wants to wait so you can improve the certainty of information. It’s also human nature to put off the delivery of bad news. But the right thing to do is the exact opposite, which is to communicate early and communicate often.

I felt we had to get a blog post up really quickly—and by sunrise, we had it ready to go. That post ended up being a really effective mechanism to get our side of the story out, and we ended up pointing customers, press, and everyone else to it.

There’s also a lot of information you don't want to necessarily put out publicly, but you do want to get to your customers and prospects. So we also wrote an internal FAQ to give out to employees on the front lines. We had the employees send emails, and also make phone calls to build trust with our customers.

I don’t remember losing one customer from this hack, which was a really remarkable outcome. I think that's partly because of the communication we managed to pull off in those first few hours.

Lead your team 

In a crisis, there’s not much time or opportunity for collaboration and alignment with your team, even if you want it. Instead, it’s a time when leaders simply need to lead—moving quickly and taking decisions. Notice I said “take,” not “make” decisions. By that I mean you need to make decisions so quickly that you literally take them and move forward.

In a hack situation, the CEO has to take on the issue and communicate the remediation and the key messages. I wrote most of the public blog post as well as the internal FAQ. In these situations, you don’t have the luxury of giving other people work. Sometimes you just have to take it on yourself.

I also spent time making countless calls to customers. To my surprise, almost everyone had gone through their own crises and many of them had also been hacked. You discover you’re really not alone in most of these things, which is another reason I think transparency during a crisis is important. 

By 11:30 a.m. or so, we had done pretty much everything we could do for the moment. We understood the issue and the communication stream was underway. I picked up my mom from the airport and we went to a museum.

At that point, I was just walking around like a zombie, trying to enjoy the day—but knowing there was also the chance I might come to work on Monday and my company might not exist as it once was.

You just can't waver in those situations. You just have to show confidence, even when you may not have 100% of it yourself.

Turn crisis into opportunity

One of my mentors once told me to never fail to take advantage of a crisis. There’s a lot of wisdom in that, because in a crisis, people are open to change in a massive way. For us, the breach was a wake-up call to dramatically improve our security practices across the company.

I realized we had a major risk in our business that needed attention. So we ended up hiring a CISO to provide a new focus on security, and backed it with more budget. We even slowed down development to make sure we did it right.

I’m proud to say we didn’t have such an incident moving forward. But we did create a crisis playbook to follow just in case it ever happened again.

Whether it starts with a 3:45 a.m. call or not, every CEO will go through a crisis sooner or later. It’s these moments that not only make leaders, but also make companies. Hopefully, your crisis won’t involve the Syrian Electronic Army. But if it does, stay calm, lead purposefully, take decisions, and communicate, and you’ll come out stronger on the other side.

--

Note: A version of this article was originally posted on Forbes.com, where I am a contributor.

Proud to have been on your team!

Giuseppe de Palo

Enterprise segment Lead - Industrial manufacturing & Consumer Products @Google Cloud - Member of Italian Leadership Team

4 年

inspiring as usual. Thanks Patrick

回复
Neill Brookman

GM & VP, EMEA at MetaRouter

4 年

Great article Patrick, and I remember that day very well!

Bill Stratton

Global Head, Media, Entertainment & Advertising - Vertical at Snowflake

4 年

Great article,Patrick. Remember working through several challenges with you over the years and you always handled in the same purposeful way.

回复
Enrique Espinosa

Global B2B SaaS Executive | GTM Strategy | Operational Excellence | Customer Success

4 年

Awesome article Patrick. Three lessons for me: demonstrate confidence during crisis, Communicate fast and learn. Thanks for sharing.

回复

要查看或添加评论,请登录

Patrick Salyer的更多文章

社区洞察

其他会员也浏览了