Perhaps customer data has been breached, or perhaps the front page of their website has been defaced or perhaps there's been a threatening email from hackers warning their very web presence is in jeopardy if they don't pay a ransom.
The problems are different but the underlying issue is the same – what the company says and does in the next 24 hours will communicate to customers, the industry and the media exactly what kind of business they are. The clock is ticking and the next 24 hours could make or break their business.
That statement is far from exaggeration.
Special Agent Ed Gibson of the FBI and assistant legal attaché to the US Embassy in London said: "Companies survive on their reputation."
Spilling the beans
Upon realising there is a crisis afoot companies must instantly address how they are going to deal with it, not just in terms of rectifying the issue from a technical perspective but in terms of who they tell, how they tell them and what the consequences may be.
"Their first thought may be 'what's this going to do to our stock price'," said Gibson but is there anything to be said for brushing hacks and attacks under the carpet?
Martin Langford, the self-styled 'Master of Disaster', has handled more than 350 crises worldwide in all manner of sectors in his role at PR agency Kissman Langford and believes skeletons tend not to remain in the closet for very long.
"I absolutely guarantee there is no such thing as a rumbling crisis within an organisation that will not make it into the outside world," he said.
And if the press get a sniff of a story, don't even think about pulling the 'no comment' stunt.
"If you decide to resort to 'no comment' it will exacerbate the negative coverage of your story," said Langford.
"If you don't communicate, others will," he said, warning that disgruntled employees, customers with an axe to grind or others within the industry will be all too willing to put the boot in.
Instead companies should demonstrate concern, be clear and consistent in their messaging, demonstrate control of the situation and maintain an air of confidence at all times – the breach has happened, that fact cannot be changed but from a customer perspective it is better a crisis in the hands of the confident than a crisis in the hands of the panicked and bewildered.
If the press are digging around or calling for comment don't stall them with waffle. Even if companies are not ready to issue a statement when the phone first rings – because that may even be the first they hear of the problem – they should still send the journalist away with an answer of sorts. Tell them when they can expect comment and guarantee them that deadline will be met. It may be that openness and that willingness to cooperate that stops a few journalists digging further.
Langford warns such crises will always hit when companies are least expecting it and least well-equipped to deal. But sod's law is perhaps the only given in life – "expect the unexpected," he said.
Triage stage
And brief your PR team properly. It's what you pay them for.
Ciaran Nelson, an account director at Lewis PR, told silicon.com: "There is nothing worse when it comes to handling a crisis than keeping your agency in the dark, because for us it's like going into a boxing match blindfold."
"Admitting there is a problem is two-thirds of the solution," he said. "Alert all parties with a vested interest and all parties who can help you. Be completely open with your in-house team and your PR agency."
In medical terms this is the triage stage. If you want to find the best cure you need to describe all the symptoms in detail.
"We need to know all the facts. For example, if similar incidents have happened in the past then we need to hear it first from the client and not from a journalist," said Nelson.
Depending on the scale of the crisis, companies may also want to similarly brief their legal counsel.
Of course, one of the first actions in the event of any criminal activity should be to inform the police.
Going into your local police station may draw little more than faux-concern and blank faces but fortunately the police do now have dedicated resources for handling such enquiries. But be warned, these resources are critically over-stretched and under-staffed.
The FBI's Gibson warned that nobody benefits in the long run from a conspiracy of silence.
"The CEO may be saying 'we don't want this to go public, we don't want to report this hack, I'll just let it go' but the National Hi-Tech Crime Unit has a confidentiality charter and it really does work," he said, which is reassuring news for any company which believes a call to the police is tantamount to putting a call in to the newsdesk of the BBC.
Play video
There are currently no comments for this post.