Maersk Line were one of the biggest victims of the Petya/NotPetya ransomware worm that struck on 27th June 2017. Here are some details, in case you missed it. Two weeks later, they are still not back to full operational capacity, but they are doing something really well. They are using the critical competence of communication to keep their clients informed of the progress they are making towards recovering from the cyber attack.
They have been publicly posting on their website the current status of the various systems that were impacted. One of the biggest systems hit was their customer service phone lines. This would have been their main route for communicating with their clients and for dealing with the specific queries that concerned customers would have for them. However, the ransomware took that offline, and so the Maersk teams went to work to start recovering their systems.
They obviously followed a Disaster Recovery Plan, as they mention on 6th July that their business-critical systems were up and running which allowed them to take on new business. But they also admit that there are backlogs for existing business. They also show on July 8th that they have been able to respond to 70% of the customer service e-mail backlog. For a business of their size, this would have been a significant number of e-mails to have responded to in a period of great stress for their teams. On the 10th July they admit that there were problems with getting their rate sheets out in a timely manner and advise of further delays to get it sorted out again.
This communication, warts and all, was out there in the public domain, in great detail, for everyone to see and it is refreshing and reassuring that they take customer service so seriously.
There were other businesses widely affected by Petya/NotPetya. DLA Piper, the large global law firm, issued 3 public notifications on their website: on the day of the attack, the following Monday and then last Monday. However, the communication in their case was more to do with Public Relations than customer service. “Our IT team acted quickly to prevent the spread of the suspected malware and to protect our systems.” and “We continue to see no evidence that client data was taken or that there was a breach of the confidentiality of that data.” These are boilerplate statements, which you expect to hear, but they don’t provide anything meaningful for understanding what the current actual status is.
Mondelez, the food giant, who were also affected by Petya/NotPetya, published a single post on their website, over a week after the incident, and its main focus was the impact the disruption would have on their revenue: “Our preliminary estimate of the revenue impact of this event is a negative 300 basis points on our second quarter growth rate.” There were some other boilerplate platitudes in the post, but this has got to be the worst communication of the three organisations.
Still, it’s better than no communications.
- make sure you have a Business Continuity Plan (BCP) in place that is regularly reviewed
- make sure it’s backed by a tried and tested IT Disaster Recovery Plan (ITDRP)
- and for the love of dogs, make sure that communicating clearly and honestly with your customers is built into the plan. It will make for happier customers if you do it right.