Crowdstrike Got Crisis Comms Right on Day 1

Written by Adam Goldberg, Co-Founder and Partner

Outside the Olympics, it’s folly to judge how well somebody does something by comparing them to perfection. Yet, that’s exactly what too many have done when assessing Crowdstrike’s and its CEO’s Day 1 crisis comms. Anyone understanding what it’s like in the cauldron of an ongoing crisis recognizes what a great job they did. Yet, there are consultants who’ve claimed otherwise, nitpicking what else Crowdstrike could have done instead of recognizing all that they did do.

If there are crisis comms lessons from Crowdstrike, it’s not about the nitpicks. The most wrong-headed of these came from commentators declaring that PR 101 is to always apologize first and (the criticism went), in his first social media post, CEO George Kurtz didn’t apologize and failed. There’s so much wrong with this.

In the early, immediate hours of the dire crisis, while it was still going on, Kurtz went public, took sole responsibility for the event, made sure everyone knew the event wasn’t a cyberattack, and reassured everyone that a fix was deployed. He then shortly thereafter issued a public apology on national television with additional information. And then, within the same day, the company issued a technical analysis of the event to explain how it happened. These actions were a remarkable example of corporate responsibility and deserve praise, not scorn.

For the record, here’s the tick-tock:

3:00 AM – Kurtz gets woken up with a call informing him of the problem

5:45 AM – Kurtz posts on social media that the incident is Crowdstrike’s fault

7:30 AM – Kurtz goes on the Today show, apologizes, and explains what he knows so far

11:07 AM – Kurtz issues another social post, apologizes again, and provides an update

3:45 PM – Kurtz issues another social post sharing a letter the company sent to customers

9:07 PM – Kurtz posts on social media sharing a technical overview of what happened

Can anyone really think that anybody cared (other than the dart-throwing commentariat) that the CEO’s first social post didn’t include an apology? Does anyone think Crowdstrike was not apologizing to its customers when it was helping them through the crisis? Were there Delta passengers stranded at an airport, looking at that first social post between 5:45 and 7:30 AM, and thinking “that’s outrageous, he didn’t apologize.” No. They weren’t. Nobody was.

Overall, this kind of critique just gets crisis comms wrong – crisis comms isn’t paint-by-numbers, it’s contextual. And the context here was the CEO sharing a great deal of information publicly in the middle of reaching out to customers and trying to solve their problems. He was literally in the heat of the fire when he issued that initial statement. And, by any measure, it was far more important to just tell the public what was happening and to fix the issue.

Of course, I’m not saying apologies aren’t important. They are often necessary. Would it have been marginally better if Kurtz included an apology in his very first post? Sure. But, not every “i” or “t” needs to get dotted or crossed at every moment to manage a crisis very effectively. If you want to fault someone on this issue, fault the people saying otherwise.