Intel has been scrambling to calm fears and educate the public about security vulnerabilities discovered in its processors last week. In tandem with other tech companies, Intel said it will issue software patches for 90% of all affected chips within a week.
However, the crisis is about more than chips. Intel CEO Brian Krzanich reportedly sold off a large portion of his shares in the company after the flaws were discovered, but before they were made public.
Krzanich spoke about Intel’s fixes for Meltdown and Spectre in his keynote address at CES 2018 on Monday night, but didn’t mention the stock controversy.
Here’s how seven communications experts reached by PRWeek said Intel should respond to the controversy.
Sean Garrett, cofounder and managing partner, Pramana Collective
Get a new CEO.
Ron Culp, professional director, graduate program for PR and advertising, DePaul University
After initial response hiccups, Intel must make sure what is said is absolutely accurate. Focus on your own situation, fix the problem, and don’t implicate others. At the start of any crisis, take a deep breath and follow the Arthur W. Page Principles, paying particular attention to the second one: "Prove it with action. Public perception of an enterprise is determined 90% by what it does and 10% by what it says." Confidence in the brand requires an accurate explanation and solution.
Elliott Suthers, SVP, Grayling
Meltdown and Spectre are pervasive and complicated vulnerabilities. The average consumer knows that the bugs exist, but has little awareness of how they’re going to be impacted. For the most part, Intel isn’t a consumer company and it’s important that it keeps its core audience in mind when it comes to its communications strategy. It cannot fix this through a simple patch as a software company could, so it will need to work with partners across the tech ecosystem. A communications approach that looks to lift the entire industry will not only benefit Intel, but also restore consumer confidence and help it fortify a leadership position. Simultaneously, it must educate consumers about how it’s working to provide a solution.
Scott Radcliffe, privacy and cyber risk practice lead, FleishmanHillard
[About Meltdown and Spectre]: This is a good example of how well-managed and tightly sequenced communications in response to a potentially damaging issue can have a positive impact. Given how pervasive and concerning the issues were, it could’ve been easy for the chip-makers and hardware OEMs to become more insular. Instead they were largely able to work together so they had the most effective tool in any issues or crisis response: a prompt, credible, and proactive solution to the issue. A top priority for clients facing security or privacy issues similar to this is working as much as you can on the overall strategy of response ahead of it becoming public and to maintain a proactive posture and the perception of transparency. To a large extent, they’ve been able to do that.
Adam Goldberg, cofounder, Trident DMG
Intel probably won’t suffer long-term reputational harm, but its CEO is in for pain. The company should [continue] helping clients patch their own holes and get patches to end-users. It’s that rare cybersecurity issue where prudence was more appropriate than quick transparency.
[But Krzanich] has to answer hard questions about potential insider trading. He needs to come fully clean—something he hasn’t done yet—on why he changed the trading program to make his trades in November and for such an unusually large amount of shares. It certainly stinks, he’s already behind the curve, and he needs to be more proactive and transparent. Saying it’s not expected to have a material impact on revenues might help against the Securities and Exchange Commission, but the stock drop shows the public why he’d sell before the news broke.
Mike Paul, founder and president, The Reputation Doctor
If Intel’s patch strategy doesn’t rise to the level of lasting trust, performance, and security confidence, an expensive and time-consuming recall is the only viable option, and, in my professional opinion, the best crisis solution for the long term. Most boards and C-suites are so short-term-minded in today’s global corporate environment, doing the right thing for the brand and reputation of Intel may not be the primary choice. Sadly, [they’re] highly rewarded for short-term gain and solutions.
Look for Intel to only choose the expensive, long-term solution of a recall, again, if forced to do so. Don’t look for Intel to do so voluntarily. The security patch strategy will leave Intel and us all vulnerable to attack by hackers.
Jason Ouellette, managing consultant, Text100 Boston
[Intel’s] proactive updates seem to have stopped. It provided updates through a January 4 release, activated a microsite with an overview of the problem, solution, and FAQ, but that’s about it. Information in today’s world gets stale pretty quick. Intel [should] provide daily updates to their site providing more insights for their customers, partners, OEMs, and investors. It’d also be a good idea to bring together other vendors to organize a type of industry consortium that regularly reviews and updates threats in the market. These cybersecurity threats will not be defeated by one team, it is going to take organizations from different markets to not only secure the technology, but provide assurances to the general public that these threats are being taken seriously each and every day – not just when an incident is reported.