Corporate Disinformation and Reputational Risk: What Businesses Must Do to Prepare
By the time Paul Folino, CEO of Emulex, had poured himself the first cup of coffee of the day and sat down to his desk in Costa Mesa, California, his company’s share price had dropped 62% losing $2.2BN in market value in a disastrous 16 minute period.
What triggered such a precipitous drop in the share price?
At 09:30am Eastern (06:30am on the West Coast, before the California-based company was open for business) a press release hit business news site Internet Wire announcing startling news about Emulex: the SEC was launching an investigation into the company over accounting irregularities, it’s Q4 financials showed a loss, and CEO Paul Folino had resigned. Bloomberg News — the go-to source for investors and followers of financial markets — carried the news of Emulex’s losses, citing the Internet Wire press release claims as the likely reason.
The problem: The Internet Wire press release was fabricated, a creation of a former Internet Wire employee who held a short position on Emulex and was facing a substantial loss unless the company’s share price dropped. Even after the share price rebounded quickly, it’s estimated that investors lost over $110M in the scandal.
Despite the eye-watering losses involved, you’ve probably not heard Emulex’s story. The reason is that it happened in August 2000 — four years before Mark Zuckerberg pushed the first lines of code to Facebook and six years before Jack Dorsey sent the first Tweet.
Corporate mis- and disinformation, then, are nothing new. But if anything, the risks faced by business in 2020 are even greater: fake sites bearing false claims amplified by bots can go viral on Facebook and Twitter in a matter of minutes, damaging rumours can spread undetected on WhatsApp, and deepfake audio and video can be weaponized against company staff and executives. Trust and credibility have never been more important to businesses — with recent research suggesting the COVID-19 pandemic and lockdowns have made consumers increasingly likely to stick with brands they know and trust.
So what can businesses in 2021 do to protect themselves against disinformation risks?
Threat modelling is a tool often used by cybersecurity experts to map threats, analyze risks, and prioritize responses. To address disinformation threats, this process needs to involve stakeholders from across a business, including internal & external comms, legal, IT, security, and executive leadership. Workflows — who manages which piece of the response process and how — and decision points need to be mapped out in advance and stress tested. In disinformation response speed is a key factor, so there’s no time to design processes on the fly.
Learn to Listen
To find nascent disinformation attacks against your company, businesses need to design and implement social media monitoring operations that allow you to quickly detect false claims and misinformation before it goes viral. These can build upon existing social media infrastructure, but will require regular refinement and investment in monitoring capacity. Beyond social media monitoring, businesses need to ensure that they have clear channels for customers and the public to ask questions and flag any concerns they have about potential disinformation. Increasingly channels like WhatsApp that cannot be centrally monitored are spaces where disinformation thrives, so the first time a business might learn about a disinformation attack may be when a customer contacts them — and they need to be sure to listen.
Disinformation thrives in a vacuum and can quickly turn viral, so businesses need to issue a clear public response. How, when and where that response appears are key strategic considerations — bear in mind that media can amplify both the disinformation (as in Emulex’s case) and the correction. Businesses need to ensure they know how and who to contact at platforms like Facebook and Twitter to stop disinformation at source. Disinformation can also spread inside a company, so ensuring an effective internal communications strategy can be implemented is essential.
As with all crisis communications, the best protection is prevention — but that likely isn’t possible when it comes to disinformation. Anyone anywhere can publish false allegations against a business, and boost those claims using inexpensive bots.
The next best protection is maintaining a reputation for transparency and ethical practices, so that when viral rumours spread, the trust businesses have earned with their customers acts as a natural antidote to falsehoods. But in order to maintain that trust, ensuring businesses have an effective strategy and plan for managing disinformation campaigns is essential.
Emulex recovered — with substantial losses — from their disinformation crisis, triggered by a single false press release. But in 2021, with the new range of tools available to disinformation actors, and the amplification of disinformation that can happen at relentless speed on social networks, that recovery may not have been guaranteed. Be prepared, learn to listen, and act fast.
If you are a company that wants our help designing and implementing a corporate disinformation strategy, get in touch at firstname.lastname@example.org