Singapore’s Stormy 2024: Crisis Communications Lessons Every Business Needs to Know

In 2024, several high-profile crises rocked Singapore’s business world, underscoring the importance of effective crisis communication strategies. This year’s corporate turbulence reveals valuable lessons on prevention, response, and recovery from turbulent events such as ransomware, data security breaches, and?food safety issues. Using the 6Cs framework—Concern, Clarity, Control, Confidence, Competence, and Context—these incidents highlight essential lessons in proactive measures, rapid response, and recovery.

The Million-Dollar Ransom: Shook Lin & Bok’s Pricey Cyber Wake-Up Call

In April 2024, Singaporean law firm Shook Lin & Bok Singapore became the target of a ransomware attack, reportedly paying over USD 1.4 million to regain access to its systems. The cyberattack, attributed to the Akira ransomware group, was contained quickly with the help of cybersecurity experts, but it revealed vulnerabilities in the firm’s handling of sensitive data. There is no evidence so far that the firm’s core document management systems, which contain client data, were affected, it said in a statement to CNA and other media. Shook Lin & Bok did not respond to media questions about whether it paid the ransom and how much it paid.

Prevention: Cyber security should be a top priority for companies dealing with sensitive data. Proactive measures, such as regular penetration testing, employee training on phishing, and advanced security protocols, could have deterred the attack. Additionally, robust encryption and offline backups would have reduced the need to negotiate with hackers. Cyber defenses aren’t just an IT issue but an investment in trust and reputation.

Post-Breach Strategy: While Shook Lin & Bok did well to report this case to authorities such as the Cyber Security Agency of Singapore (CSA) and act swiftly, addressing client concerns requires more work. Its reports on counter-measures should not be made public, but the firm might consider revealing the breach point such as unpatched software, and its broad response such as regular audits. Recovery efforts should focus not just on containment but also on reinforcing trust.

Data Accountability: LingoAce’s Privacy Predicament

In May 2024, the Personal Data Protection Commission (PDPC) imposed a $74,000 fine on LingoAce , an online language learning platform, following a significant data breach. The breach, which occurred in late 2023, exposed the personal information of over 557,000 users, including minors. Attributed to weak password protocols and the absence of two-factor authentication, the incident highlighted the increasing regulatory expectations for robust data protection, especially in sectors handling children’s information.

Prevention: For businesses handling sensitive data, compliance with data protection standards is critical. Robust password policies, two-factor authentication, and regular cybersecurity audits could have averted this breach. In addition, appointing a dedicated Data Protection Officer (DPO) would have ensured ongoing compliance and proactive monitoring of regulatory standards.

Response Strategy: LingoAce’s cooperation with the PDPC and prompt notification of affected users were commendable first steps. To reinforce trust, it needs to demonstrate a commitment to data security and accountability through implementation of enhanced data protection protocols to reassure stakeholders.

A Sweet Response: Tom’s Palette Finds a Silver Lining

It’s not all doom and gloom for crisis communications, some brands found a silver lining through proactive crisis communication. Tom's Palette , a popular gelato shop, faced a suspension order from the Singapore Food Agency (SFA) in October 2024 for food safety violations, including unregistered staff and unclean food handling practices. Their Bugis outlet was closed from October 15 to October 28, during which all food handlers were required to re-attend and pass a food safety course. However, Tom’s Palette used this setback as an opportunity to engage with their community.

On October 29, just before resuming operations and on the eve of Halloween, Tom’s Palette shared a TikTok video, acknowledging that they had an overstock of ice cream as a collaboration cancellation. The brand invited patrons to enjoy free gelato on October 30 and 31 at their Bugis and Kovan outlets, so long as they were following Tom’s Palette on social media. This video even ended with Halloween greetings!

Lesson Learned: Tom’s Palette’s response highlights the power of transparency and authenticity in crisis communication. By openly addressing the issue and inviting customers to be part of the recovery, the brand strengthened its relationship with the community! With over 10,000 TikTok engagements — since many users wanted to show their support and share this promotion — this free gelato initiative demonstrated that brands can create positive experiences even in adversity.

Key Takeaways: Crisis Communication Essentials for Every Organization

These case studies reveal essential lessons for managing and mitigating corporate crises. Here are takeaways that Singaporean businesses can apply to protect and strengthen their reputations:

1. Invest in Cybersecurity as a Foundation of Trust: Shook Lin & Bok’s and LingoAce’s incidents underscore that cybersecurity must be proactive. Implementing advanced threat detection, strong password policies, and secure backups are critical steps. By prioritizing these measures, companies can prevent breaches and reassure clients of their data’s security.
2. Engage with the Community Proactively: Tom’s Palette demonstrated that inviting community support can foster loyalty, even in difficult times. By addressing issues honestly and inviting customers to be part of a recovery, brands can strengthen bonds with their community and turn challenges into opportunities for positive interaction.
3. Learn from Each Crisis and Prepare for the Next: Each of these cases highlights the need for organizations to embrace a proactive, vigilant approach to crisis management. When crises do occur, they should be viewed as learning opportunities. Here’s a list of questions — compiled by Gini Dietrich — to ask below. Companies should analyze what went wrong and update their crisis communication strategies, protocols, and training to reinforce resilience. BONUS: Read about recent CrowdStrike and California Pizza Kitchen case studies here.

Looking to safeguard your brand in turbulent times? At Momentum AI Communications, we combine crisis management experience at biotech and listed companies with tested strategies to help you anticipate, navigate, and recover from crises. Our team works closely with you to build a communication framework tailored to your unique challenges. Connect with us today to prepare, protect, and empower your brand.