How we work

Design

Design

Our design team
Heading up the Design
department, Dan has produced
pitches and credentials for over
15 years. Developing a unique set
of skills crossing over design and
production he will help guide you
through the best options for both
print and digital.
Alexia joined the design team in
2012, bringing with her the full set
of skills (along with a bucket load
of enthusiasm), required to help
you on your way to a better pitch.
Always on the look out for new
trends, she can help you produce
innovative pitch work that can work
in harmony with other collateral we
have produced.
With 30 plus yeas design
experience Alan is one of FTI’s
designers, creating accessible
and engaging materials.
Alan’s design background is
in corporate communications,
designing items for, report and
accounting, advertising, branding
and corporate identity.

Our design process
for you
O
O
O
O
Meet Research Content Create
O
Review
O
Rehearse
& revise
O
Deliver
O
Pitch
Key
OO
us
you

Impossible
Utopia
SPEED
Things could
get ugly
DESIGN
IMPOSSIBLE
UTOPIA
Mistakes could
happen
Beautiful
CONTENT

Working
together
Speak to us
If you are unsure, come
and speak to us, we are
here to help and can
show you lots of ideas.

Working
together
Content is the key
Concentrate on your
content, the design
will follow
You do the talking
If it doesn’t need to be there,
take it out. You talk to the
document not read from it

Working
together
Deadlines
The correct pitch date and
time is the most important
tip we can give you

Working
together
Trust us
Every spread has to be
consistent and maintain
a harmonious layout
There is a reason for
everything we do. Trust
us, we have been doing
this for a long time
Leave us to it
The best looking documents
always come from teams
who give us the raw content
and let us crack on

Working
together
Research
As a rule of thumb we use the
company’s brand guidelines and
marketing materials

Working
together
Proofread
We simply cut and past your text. We are not
responsible for proofreading your document

Working
together
Stay flexible
Be open-minded
and respectful

Working
together

Print

Screen
Protecting and Building
Avast’s Reputation in
Privacy: Three Phases
Initial observations
Awareness is narrow Low profile
and deep
Avast remains
Areas of government, relatively unknown
media and industry alert (beyond cyber /
to privacy concerns security ecosystem,
and narrow pockets
in government
and media)
Intense scrutiny
Threat of investigations
and greater regulation
DC Brussels
Investigations
Awareness
Engagement Preparedness
& Media Scrutiny
All
Lawmaker Public Lawmaker Media
Overall
stakeholders
Limited
Limited preparedness
Awareness is
Threat of investigations & media
Low profile in
engagement for mitigating
narrow and
scrutiny creates regulatory risks
US and EU
among key cyber
deep
in both markets.
audiences reputational
risks
Very little
EU has adopted
engagement,
Little to no
regulations in Perceptions
no active
awareness, Largely past decade still very much
participation
limited clout unaware that aim to set tainted – antitech
sentiment
in major trade
due to little (beyond cyber standards for
bodies/industry No current
interaction with and security global tech prevails in
coalitions cyber incident
EU institutions ecosystem). (GDPR, NIS, several member
(BSA, CCIA, focused crisis
overall.
Cybersecurity countries
DIGITALEUROPE, comms plan
act, etc.)
ITI, etc.) to mitigate
political and
Largely
DC media
financial risks
Largely
unaware.
largely not
and minimise
distracted by
Likely not
following – or
reputational
C19 crisis.
aware
scrutinising. Limited
Widespread
damage.
relationships
reporting is
FTC under
& engagement
Awareness limited to tech
Scrutiny/
pressure to
with tech and
is limited to outlets and
investigation
protect user
political media,
a handful of cybersecurity
led by tech
privacy.
lawmakers, and
staffers who daily
outlets.
strategic third
diligently follow newsletters.
privacy issues. Reporting by
Congressional
parties.
Scrutiny of
DC outlets is
inquiries may
Avast antivirus
limited.
continue.
software.
BlackRock:
Leading responsibly
Together with purpose:
FTI Consulting’s response
to BlackRock’s UK Corporate
business RFP
17 th April 2020
1
Responding
to your brief
9
7 8
How we can help
Hitting the ground running
Security Regulatory
and privacy know-how
[Client Confidential]
Experience with
global tech
leaders
Experts on the
ground globally
Main hubs in
⛳ Brussels
⛳ DC
35
offices
⛳ London
globally
⛳ New York
Protecting and Building Avast’s
Reputation in Privacy: Three Phases
Plan
Transform from being
a leader in consumer
cybersecurity to a leader in
privacy: change perceptions
with your key audiences
with effective messaging
and engagement.
Educate
& Engage
Avast’s narrative needs
to evolve / sync with “hot
topics” of the day. This
should include defensive
tools in fighting online
threats, but also offensive
cyber narratives around
privacy. Avast must also
build alliances, make friends
before you need them.
Amplify
Join, create, drive industry
coalitions, participate in
wider conversation and
events on cybersecurity and
privacy to amplify your voice
and reputation.
A Comprehensive
Public Affairs Plan
NOW
Reactive Messaging and Positioning
Limited Engagement with Key Audiences
Low Understanding and Voice
Plan
Educate
& Engage
Amplify
NEXT
Messaging Plan (Defensive and Proactive)
Cyber Incident Preparedness Communications Plan
Media Protocols
Media Outreach Plan, particularly around product launch
Public Affairs Engagement Plan
Corporate Positioning Plan
DC & EU policymakers
Third Parties (Trade organisations, NGOs, Universities)
Cybersecurity and tech policy reporters
Cyber Event Participation & Sponsorship
Thought Leadership
Digital & Social Content Push
Placing responsibility at the heart of
BlackRock’s UK communications
The BlackRock
Communications
Responsibility
Framework
Peers
Real economy
Institutional
Regulators
Companies
Clients
Intermediary
and wholesale
Capital markets and investment
ecosystem which underpins activity
on behalf of clients
Policy makers and
governments
Shareholders
DC
Consumers
Stakeholder groups which engage
with BlackRock clients and influence
BlackRock’s reputation externally
NGOS and
environmentalists
Communities
and economies
Three pillars to asserting BlackRock’s
responsibility to its key stakeholders
1 2 3
Demonstrating
how BlackRock
is supporting UK
clients in navigating
markets, achieving
their financial goals,
by supporting them
in the construction
and analysis of
portfolios
Defending and
promoting the role
of the investment
management
industry to its
wider stakeholder
groups (e.g.
peers, regulators,
policy makers and
governments, NGOs,
environmentalists)
Showcasing the
integral role of
BlackRock to
society and the
real economy, as a
steward to support
the transition to a
more sustainable
world, and in
powering economic
growth in UK
communities
Highlighting the progress BlackRock is making
against its sustainability commitments
Having set out its stall for integrating ESG across the business, and built momentum over the course of the year, we recommend that BlackRock highlights all of the progress it has made against its commitments, bringing everything
together in a concise and digestible format that works for all stakeholders. While some of this can be done by BlackRock, your scale of achievement is more likely to be recognised if it has third party validation and advocacy
We appreciate that the business is likely already discussing how it will show progress on the commitments made in its January pledges. In the UK, which could be leveraged across markets, we propose creating an annual Impact Report, to
act as a vehicle through which the business can report back to its stakeholders in a transparent way to show that BlackRock is accountable, is making progress, and has a license to ratchet up ambition in Larry’s next letter
‘Total Impact’ report
The ‘Total Impact’ report would provide a single point of reference
through which to show how BlackRock has performed across the full
suite of its sustainability commitments
It would seek to cover:
Stewardship – documenting BlackRock’s voting record, case studies
of successful engagement approaches across the active and passive
business (this can be sourced from the existing content that is already
produced by the team, including the stewardship team’s reports and
website content)
Sustainable solutions – an update on new ESG products and solutions
launched, across all asset classes
ESG data and reporting – number of investee companies now disclosing
in line with the TCFD / SASB and how this has changed over the year,
as well as the work BlackRock has done to support this
Key research highlights – the key ESG research produced as well as
any key findings that have supported the sustainable transition
Sustainability in BlackRock’s own business – including BlackRock’s
own gender pay gap data, D&I initiatives etc.
We suggest that the report is launched in December, just ahead of
Larry’s letter in January, to act as a benchmark for what BlackRock has
achieved against its previous year’s objectives
Go-live and building external advocacy
The report would be launched to national and investment trade media with a press release,
summarising BlackRock’s overall progress on sustainability, with case studies and clients /
third parties also lined up for media interviews
The content would be used to support all engagement around Larry’s public statement in
January, tackling any residual criticism of inaction and empowering UK spokespeople to
have a voice on the sustainability progress of the business
We would also identify key stakeholders and NGOs who demonstrate support for BlackRock
or represent a ‘moveable middle’ who can become advocates, and develop a program
of ongoing engagement off the back of the launch to educate this group e.g. round table
dinners, event participation, thought leadership sharing
Supporting the report would be an interactive landing page, ‘Living our commitments’,
housed on the BlackRock UK sustainable investments page:
There, media, clients and other key stakeholders will be able to take a deeper dive into the
latest updates, statistics and easily search for the information most relevant to them
Designed to be transparent, it can be readily promoted across social media through
infographics, animations and high quality, short-form videos from key spokespeople, as well
as feature commentary and statements of support from clients, collaborators and other third
parties
Messaging will be tailored and promoted to different audiences through social advertising
While we would leverage with media, these assets could be used by the whole business and
leveraged with clients, for marketing purposes and wider stakeholder engagement including
on public policy
5 6
9 10
15
29
Plan
Audiences
Agree the message
A Where dynamic they public are affairs and reputational recovery strategy needs to
communicate, educate and build trust with key audiences
Impact
Audience Awareness Understanding (external
perception)
Policy makers and regulators
(DC)
Policy makers and regulators
(EU)
Carriers
Media (tech, top tier, cyber /
security bloggers)
Trade bodies (security, cyber,
tech)
Investment community
(Investors, analysts)
Clear To effectively messaging protect as a and red thread build its reputation, Avast must lean in heavily to
defensive and offensive messaging and outreach
Strategic
Have a
intent
narrative to
respond to
Defensive
the past
Proactively
position Avast
as a leading
voice for
Offensive
privacy and
security
11 12
G U
GUIDANCE
I D A N C E
Monitor and counter
negative stories to set the 80% of Avast’s business comes
record straight and reframe from consumers – our core
the narrative
mission is to keep consumers
around the world safe and secure
Explain past mistakes,
through our products, and we take
protecting customers
this responsibility seriously.
Upon hearing concerns that
Jumpshot might create harm,
Avast quickly shut it down.
A Voice for Privacy The Gateway to Future Technology
Proof point: Honored for The power of data to fuel new
innovation at CES, Avast innovations like artificial intelligence
designs for privacy and and telemedicine can only be fully
favours pro-privacy realised when consumers feel security
policies like encryption. and privacy have been addressed
Plan
Global risks and areas of opportunity for Avast
Techlash
Policy stakeholder focus Media perception Regulatory scrutiny
Data
Privacy
Security
Need for
regulation
Transparency
Vulnerability
Norms for monetisation
Uses for good (i.e. predicting disease)
Future technologies (i.e. AI)
Rules & enforcement taking shape
Encryption debate
Protection level
Data breach/cybercrime/children at risk
Workforce training
Emerging risks: critical systems, IoT
safety, elections
Our 12 month programme: DC
Short term: Plan (Months 1-3):
Medium term: Educate & Engage (Months 4-6):
Long term: Amplify (Months 6+):
13 14
Plan
Educate
& Engage
Amplify
Reality:
Few in D.C. know
Avast.
Challenge:
Repair reputation
for those
lawmakers
familiar with
Avast, entering
privacy
conversation as
new voice.
Messaging: Create narratives that speak to 1)
engagement for listening and lessons learned;
2) leadership on privacy, encryption.
Monitor: Gather political intelligence
and monitor media coverage and privacy
developments on the Hill.
Cyber Crisis Preparation: Develop crisis/data
breach scenario planning playbook.
Communicate coronavirus leadership:
Corporations will be judged by what they did
or didn’t do amid crisis. Consider offering
complimentary software for healthcare and
people on the frontlines.
Take a principled stand on encryption (EARN
IT Act): Tech community and Sen. Wyden need
allies, pro-privacy narrative.
Privacy Legislation: Have a media voice when
the new Congress starts.
Over the horizon: Lead conversation on
harnessing data for good: securing telemedicine,
IoT home security, artificial intelligence, etc.
Amplify D.C. presence: Support and form
partnerships with third party allies, sponsor DC
events.
Thought Leadership: Setup a U.S. public policy
issues webpage, and pen regular op-eds.
Media Outreach Plan: Identify proactive pitch
angles specifically for DC stakeholders, and
upcoming events and opportunities to tell
Avast’s story of its leadership in privacy.
Public Affairs Engagement Plan: DC Roadshow
Prep: Develop outreach plan and schedule for
engaging reporters (Politico, Washington Post),
lawmakers (Sen. Thune, Sen. Schatz), and third
parties (D.C. area universities, CTA).
Identify and Prepare Company Spokespersons.
DC Roadshows: Meet, cultivate relationships,
and seek allies with cyber reporters and tech
policy reporters, lawmakers, and third parties
like the Consumer Technology Association to
show leadership on privacy.
Digital Content: Work with Avast’s corporate
reputation partner to leverage Avast’s blog,
social platforms, and other vehicles to share
thought leadership, and react to DC-focused
cyber stories of the day.
Policymaker relationships: Be a friend and
trusted voice for officials at the intersection of
developing policy.
Secure Participation on Cybersecurity Panels
and Events: Work with Avast’s corporate
reputation partner to seek speaking and
sponsorship opportunities on privacy policy
panels at events like CES.
Spearhead Creative Digital Campaigns on
Privacy: Work with Avast’s corporate reputation
partner to ensure these messages are being
heard in Washington through social targeting
and in materials shared with lawmakers and
reporters.
The BlackRock FTI newsroom
We pride ourselves on our ability to deliver set-piece, integrated campaigns, but a successful communications strategy is underpinned by a consistent flow of engagement across all channels. Building
relationships and sharing insights with the media which your clients and stakeholders read, and engaging those audiences through owned channels will help to protect as much as it will enhance your
reputation. Robust processes are integral to delivering on this, and sit at the centre of every FTI client account.
The day-to-day would focus on supporting themes, content and products / solutions determined by BlackRock Corporate Communications, distribution teams and stakeholders across the wider
business. This could range from supporting product launches, promoting the views of distribution teams in the pensions, wealth management, adviser, consumer finance and lifestyle media, and
delivering a constant flow of opportunities to promote market views of key spokespeople through market commentaries, editorial features and broadcast, owned and social channels, as well as at
industry conferences and media events. We treat every piece of news and content with a campaign mindset, creatively considering multiple angles and media activation.
Sharing peer and industry intel
In-depth industry analysis
Repurposing content and
Briefing notes
Creative content for owned channels
research
Corporate
Business line
Keeping on top of editorial
Presentation preparation
profile raising
support
Social media content drafting
schedules, journalist moves and
conversation online
Press meeting programmes
Commentaries and newsjacking
Digital and social content
creation, engagement and
By-lines
Planning
Media monitoring
advertising
and
Journalist and third party
Press releases
strategy
Conferences and awards
endorser engagement
Media events
Broadcast opportunities
Campaigns
Press lists
Issues
Features
and thought
management
leadership
Social media campaigns (organic and paid)
Q&As and statements
Market sensing
In-depth intelligence of the sector, its stakeholders and how they like to consume information is crucial to any communications strategy,
and particularly for a business as large as BlackRock. At FTI, over 15 members of our team specialise in savings and investing. We pride
ourselves on understanding and advising our clients on how the trends which are emerging in the sector will impact their communications
and supporting them in building relationships with influencers, media and stakeholders who shape their reputation. The insights are based
on being in the flow through the clients we advise, a strong desire to be gathering intelligence first-hand from media, and using leading
digital tools for conversation analysis and influencer mapping
Market
intelligence
We recognise the importance
of keeping your internal
stakeholders up to speed on
the biggest news stories and
trends. Through our deep
sector knowledge and strong
relationships with the media,
industry bodies, investors
and intermediaries, our team
would act as an extension of
the BlackRock team to deliver
regular and timely insights to
inform your communications
approaches
On the ground
intelligence
Personal relationships
with trade and national
publications are crucial to
maintaining visibility and
goodwill with journalists.
FTI’s 35-strong Financials
team is a hub of connectivity
with financial media – sharing
insights into publication
editorial agendas, staying
on top of comment and
features opportunities, and
recognised by journalists as
a ‘go-to agency’ for industry
commentators and content
Proactive
communications
Being on top of the news
agenda also informs a large
part of our proactive media
strategies. BlackRock would
receive regular industry
focused newsletters and
round-ups of key events
produced by FTI, as well as a
bespoke ‘news hook calendar’
to keep track of relevant
upcoming news events
and help plan for proactive
campaigns
Conversation
mapping across
key stakeholders
Social media and digital
channels would be central to
insight gathering alongside
traditional media. FTI
utilises a number of social
listening tools to track
online conversations and
trending topics among
key stakeholders (further
information outlined in the
appendix), which would
inform the planning of all
campaigns and activity
Taking in the
global picture
As a large global business,
BlackRock is not immune to
political, socioeconomic and
financial news around the
world. FTI’s global offering
ensures that both localised
and global insights are
considered when informing
UK media approaches, with
leading sector and political
experts located in key
markets for senior counsel
when needed
Data analytics to
drive strategy
FTI’s proprietary
Communications Analytics
platform utilises AI and
deep analytics to maximise
the positive impact of
communications. Our tools
and techniques help us find
the ‘white space’ for thought
leadership, test messages
ahead of critical events to
ensure a positive response
and predict how events are
likely to unfold – allowing you
to better prepare
Conversation
mapping across
key stakeholders
Our integrated, multi-channel
approach means that we can
effectively map stakeholders
both offline and online. With
a wealth of technology at our
fingertips, we’re able to map
networks of influence around
BlackRock and key themes,
map online conversations and
even predict trending topics
among key stakeholders
(further information outlined
in the appendix), which would
inform the planning stage
with BlackRock ahead of
campaigns or activity
51
58

4 Strategic Communications Crisis Communications Offering 5
6 Strategic Communications Crisis Communications Offering 7
8 Strategic Communications Crisis Communications Offering 9
12 Strategic Communications Crisis Communications Offering 13
10 Strategic Communications
14 Strategic Communications Crisis Communications Offering 15
Credentials
The 3 phases of a crisis
Our offering
Our offering
Stage 1: Prepare
Stage 2: Respond
Stage 3: Repair
IN CASE OF EMERGENCY…
Not if, when.
With turbulence in our world growing and the always-on nature of the news, the
potential for crisis has become an almost daily consideration for business.
In our annual Resilience Barometer survey of
2,000 businesses, 84% of companies said that
they anticipate a crisis in the year ahead, but less
than half feel adequately prepared to deal with
such a threat.
And in this age of round-the-clock company
scrutiny, we see almost as much focus given to
how a company handles a crisis as the crisis itself.
84%
of companies
surveyed expect
a crisis in 2020
Globalisation, investor activism, regulatory
change, political and cyber risk are all
contributing to increasing business vulnerability
and they are amplifying the need for Boards
to carefully consider their ability to respond
effectively.
87%
of respondents
claim they have had
a significant crisis
situation negatively
impacting their
business in 2019
Our crisis experience
Cultural Financial Operational External
Leadership failure
Corruption
Restructuring
Accidents
Employee fatalities
Fraud
Cyber breach
Natural disasters
Discrimination
Restructuring
Product recall
Industrial dispute
Employee protests
Financial misconduct
Regulatory investigations
Social activism
Professional misconduct
Financial mismanagement Cartel / Competition investigation Media investigations
Gender pay
Investor activism
Litigation
Public health emergencies
Parliamentary hearing
The first suite of services we offer deals with helping companies to prepare for
crisis. First, we take time to audit the company’s levels of readiness, then we help
the business to plan for crisis, before testing our work with simulation exercises.
Discover
Plan
Test
Audit current protocols Scenario planning Various simulation
and communications
exercises to test the
assets
Develop crisis protocols quality of your crisis
plans:
Interviews with senior Map crisis team, roles
execs / leadership and responsibilities FTI Fortify Workshop
Benchmark against best Social listening and FTI Fortify Simulation
practice
media monitoring
Vulnerability
Understand risk
Extract information
Review systems
Review company culture KOL, third-party and assessments
stakeholder mapping
Optimise processes
Manage the media
Legal processes
Map all stakeholders and engagement
Develop plans
Reassure stakeholders
Rebuild trust
FTI Detect – audit of the Media, spokesperson
cyber shadows left by and interview training
senior management
Employee
communications
preparation
The second phase involves the services we typically expect to provide during a
crisis situation. This list is not exhaustive, as no two crises are ever the same.
We bring discipline and the benefits of prior experience to ensure various
contingencies and potential outcomes are considered and analysed in a given
situation. In this way, we aim to enable our clients to execute coordinated and
consistent communications responses.
D-day
As the crisis
Ongoing fallout
evolves
from the crisis
Rapid on-the-ground team Victim support
Litigation communications
deployment, including full
Investor relations advice Preparation for
back- office support
parliamentary hearings
Employee communication:
Strategic advice: response,
Town halls, staff emails Investor relations: Briefing
messaging, recommended
analysts and forecasts,
approach
Regulatory liaison
consensus management
Engagement with
Customer engagement
Employee engagement:
stakeholders
Rapid response correcting New structures,
Monitoring: social and misreporting
restructuring, working
mainstream media
practices & culture
Background media
listening
briefings
Ongoing media
Analysis and
engagement
Comms materials: Scripts,
recommendations
key messages, Q&As
Media relations, journalist
FTI Fortify60 – our mobile
engagement and response
app for crisis comms
Personal security
The final phase is recovery. A crisis event can often trigger widespread changes
to an organisation, not just in terms of its reputation. Management might change,
jobs may have been lost, new strategies developed and deployed.
Our goal in the recovery process is to position the crisis as firmly in the past, emphasising
the progress made to restore confidence and bridge to long-term growth and success.
Once the crisis has subsided and recovery is underway, FTI Consulting helps clients to
identify and apply the lessons learned, facilitating continuous improvement and assured
management of future issues.
Analyse
Reposition
Embed
Crisis evolution and Positioning of past events Targets & KPIs
experience feedback from
Rewrite the story
Demonstrating progress
management team
and success
Re-articulating corporate
Media coverage analysis
narrative (values,
Executive/leadership
Social and digital media perspective etc)
profiling
analysis
Media engagement
Embedding best practice
Internal and external
and institutionalising
Stakeholder reengagement
perception studies
knowledge
Update and revising crisis
management protocols
Strategic Communications
Crisis Communications Offering
Why are we different?
Some of our crisis work in recent years
2 Strategic Communications Crisis Communications Offering 3
FTI Consulting has decades of experience in supporting companies, governments and individuals through crisis situations. From the aftermath of
the Deepwater Horizon tragedy, through plane crashes, products recalls, fraud, investor activism, cyber breaches and many more. As such we are
ideally positioned to support Boards in preparing for and dealing with crises.
Lessons learned:
Multi-disciplinary:
Holistic view:
Collaborative approach:
Boardroom experience:
Why now?
The rise of the antagonist
How to react:
Our crisis philosophy
We have been in the As a multi-disciplinary A crisis isn’t just about Many of us are former
thick of some of the most business advisory
your share price, or your journalists, lawyers,
challenging corporate firm that focuses on customers, or the media litigation experts so
crises of recent times. The defending our clients’ or politicians. It’s about we understand where
lessons we have learned enterprise value, we offer all of them together. We everyone is coming from.
in these most exacting much more than other ensure that the advice we We always work closely
Finally, our financial PR
heritage means that we
are very used to standing
toe to toe with the C-suite
in the Boardroom. It is
our mission to ensure
of situations now benefit
communications firms and give takes all interested
with your other advisers,
that reputation sits at
those clients facing crisis
have access the insights
parties into account.
including your legal
the heart of the Board’s
issues of their own.
and expertise from our
team, to provide the best
decisions in times
colleagues across our
possible outcome.
of crisis.
global business segments.
Traditional media
The landscape for business has become more complex and more dangerous in recent
years: Social media is increasing the velocity and complexity of crisis situations;
traditional media is investing heavily in investigative reporting; investor activism is
on the rise; and politics is becoming ever more divided. As other stakeholder groups
become more sophisticated and confident in using traditional and digital media to
express their views, the landscape becomes ever more treacherous for Boards.
Bots
Social media
Information is
oxygen in a crisis –
ensure you can access
the info you need
Don’t think about
audience groups
in isolation
Never underestimate
internal reaction
Be mindful of where
your crisis goes next
Build a resilient
leadership team
Use technology to
measure your plan
and its impact
Think beyond Comms –
work holistically across
your business
Fix the roof while the sun
is shining – be prepared
This proliferation of threats means business needs to think more broadly about resilience and make sure
crisis preparedness is holistic. Policy problems are PR problems. Employee issues and regulatory issues.
Business continuity is a reputational concern. It’s all interconnected…
NGOs & unions
Politicians
Employees
Activist investors
Regulators

Loss of intellectual property
Other literature
Size and sensitivity of cyber breach
Breaches from inside and out
The view from business in 2019
THE ANATOMY
OF A CRISIS 3
WHEN NOT IF
What can cyber breaches of the
past 10 years teach us about how
to prepare for them in the future?
Volume
These next images show the size of data breaches and the sensitivity
of the data which has been lost across the 300 incidents. We believe
that this information helps give our clients an idea of where their
breach sits in terms of precedent and therefore how extensive their
crisis response plan needs to be. Any data breach can become very
serious, very quickly, but in terms of pure numbers, a data loss of
fewer than 1m records can be considered relatively small. At the
other end of the spectrum, there is a special category reserved for the
27 companies who have lost more than 100m data records, and two
have even had a billion records compromised.
As for data sensitivity, we have categorised the lost data based on
its contents, how sensitive it is to the customer and its value on the
dark web. Financial and health information, for example, tends to be
targeted more as a result of its higher resale value.
Cyber incidents by size
(Data records lost)
XXL (100m+)
27
Large (5m-10m)
26
Small (up to 1m)
97
72
Medium (1m-5m)
Cyber incidents by data sensitivity
(Data records lost)
Email
Some personal details Financial information Health/personal Full customer
addresses only
(eg. Age, home address) (eg. Paypal, credit records
details
card info)
Less serious
More serious
For a management team handling a data breach, these charts provide Finally, we looked at cyber incidents by sector. The telecom, media,
useful context. For example, a breach of 100,000 records would be and technology (TMT) sector dominates as it incorporates so many
small in relation to other historical breaches, but because the data loss businesses – telecoms, media, app and web businesses – that
contains personal medical information, it is materially more sensitive are fundamentally digital and therefore susceptible to external
and likely to have significant repercussions as a result.
technological interference. Healthcare, government and financial
organisations are also featured due to the sensitive and valuable
data they hold. In ‘other’, we see critical infrastructure businesses,
such as energy and transport, though these are less prevalent than
other categories.
Cyber incidents by sector
At the moment of cyber breach, the research presented in this study
will allow management teams to gauge the severity of their breach
relatively to those that have previously occurred.
This first image shows whether breaches have come from outside the
organisation – including hacks, denial of service, ransomware and
other forms of attack – or whether the incident has arisen as a result
of internal issues – such as an employee hack, a misplaced device or
poor security. We have cut the data this way as we will later consider
whether internal lapses have more significant consequences than
attacks from external actors.
More than two thirds of the incidents came from attacks from
outside the business. Management teams should prepare
for these threats with activities such as cyber vulnerability
assessments, penetration testing and threat- hunting
operations. This will help better understand your cyber risk
profile and ultimately build a robust security posture, which
is the best way to prevent a breach from occurring.
The remaining third came from incidents which appear to
have originated from inside the business.
Crisis incidents by type
Attacks from
the outside
204
Breaches from
the inside
96
Hack from inside
the business
Breaches
from the inside
We have broken down these 96 incidents into the four
buckets mentioned above. The most prevalent cause was
internal security lapse, which could have been avoided. Lost
hardware, deliberate employee breaches and human errors
are also important factors, underlining the need for proper
employee training and awareness.
6 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 7
12
Human error
17
Internal security lapse
27
40
Lost laptop,
USB, drive
In our survey conducted for the Resilience Barometer 2020, we asked
business leaders to list the corporate risks they had experienced in
the past year. A cyber-attack was the most common risk reported,
overshadowing other threats such as product defects, leaks, trade
restrictions and litigation.
CYBER ATTACK #1
corporate risk
expected in 2020
27% of respondents reported that their business experienced a cyber
breach in the past year. This number increases to 33% among those
companies where leaders report feeling under extreme pressure to
increase revenue, which underlines the truism that governance can
sometimes be overlooked in the pursuit of growth at all costs.
We then asked what type of cyber-attacks their business had
sustained in 2019. The most common breach was a phishing attack,
followed by loss of customer or patient data, followed by the loss of
third-party information.
As leaders look to the year ahead, cybersecurity is again the number
one concern, and 26% of leaders expect their business to be harmed
by an attack in 2020.
Which of the following cyber attack has your organisation been negatively impacted by over the last 12 months?
Phishing / Social engineering
Loss of customer / patient data
Loss of third-party information
Distributed denial of service (DDoS)
Ransom / Data hostage situation
Loss of intellectual property
12 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 13
Other cyber attack
19%
19%
20%
20%
25%
26%
27%
2020
XL (10m-100m)
76
145 46 37 24 21 32
Tech, media,
Healthcare Government Financial Retail Other
telecoms
8 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 9
The impact
Financial Impact
Operational impact
Introduction
Our research tells us that a cyber breach is the top concern
for boards and management teams. They prioritise it over
technological disruption concerns, product defects and even
trade restrictions and they report lost revenue, customers and
employees among the consequences. And yet we see that fewer
than half of those business leaders are preparing to manage their
cyber risk proactively in the year ahead. We believe that this
paradox is worth investigating. In the third volume of
The Anatomy of a Crisis, we aim to investigate the cyber
landscape in more detail.
Our objective with this report is to provide an overview of the cyber breach
landscape, the impact of these breaches and how companies have responded.
What worked well and what didn’t work? We hope to provide critical information
to clients for the moment they face cyber breaches of their own.
About The Anatomy of a Crisis series
About this report
In this age of round-the-clock company scrutiny, we see We used two different sources to compile the data
almost as much focus given to how a company handles for our report. The first is an analysis of 300 publiclyavailable
cyber breaches over the past 10 years,
a crisis as the crisis itself. With turbulence in our world
growing on a daily basis, and the always-on nature including details on the type of breach, company
of the news, crisis has become a daily consideration performance, impact, company response, etc.
for business. If handled poorly, crises can cause deep
and long-lasting damage to a company’s reputation. If The second data source is our 2020 Resilience Barometer, which
contains interviews with over 2,000 company leaders from G20
handled well, a crisis can become an opportunity for
countries. References regarding the impact to people and the way
a company’s management team to demonstrate their they responded come from this study.
mettle to investors, customers and employees.
Part 1 – Cyber Breaches
With this in mind, FTI Consulting is undertaking a series of research Provides an overview of the 300 publicly reported cyber breaches –
studies into crisis events, called The Anatomy of a Crisis. Our aim is where they have happened as well as the scale and type of breach.
to shine a light on those crises and assess how they played out with
a view to helping businesses successfully navigate future disruptive Part 2 – Breach Impact
events of their own. Historical context and – crucially – data can be Assesses the impact that cyber breaches have had
the critical factors in helping management teams make the right – the financial, operational and reputational damage that they cause.
decisions in the heat of a crisis moment.
PART 1
CYBER BREACHES
Types of cyber breach
PART 2
THE IMPACT
In Part 2, we examine the impact that
cyber breaches have had on businesses.
This data will provide management
teams with a good sense of the
operational, financial and reputational
damage that can come from cyber
issues – useful context as businesses
plan their own responses.
14 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 15
We begin with the financial impact, where we see cyber-attacks
having a disproportionate effect on business. Of all the corporate
risks mentioned, even compared to product defects, trade restrictions
or technological disruption, cyber is perceived to have the greatest
impact on lost sales.
What was the negative impact as a direct consequence of these cyber-attacks?
Lost revenue
Lost customers
Loss of value (stock market value)
Fine from regulator
Litigated against
There was no negative impact
According to FTI Consulting’s 2020 Resilience Barometer, lost revenue
is also the number one impact mentioned as a consequence of cyber
attacks. 27% of business leaders report lost revenue as a negative
impact of a cyber-attack in 2019. Further financial impacts can come
from regulatory fines and litigation – 17% and 16% of businesses
respectively incurred these impacts.
16%
17%
20%
24%
27%
27%
26%
Lost customers
due to cyber breach
The operational impact of a cyber breach can also be significant.
The most obvious immediate consequence is data loss. 26% of
business leaders say their breach resulted in the loss of customer
data, 25% report losing third-party data and 19% say that their
business lost intellectual property (IP) because of their breach. It
is not surprising, therefore, that 24% of business leaders believe
that customers have been lost as a direct result of a cyber-attack, a
number which is borne out of the lost revenue statistic previously
listed.
The impact of these incidents is also felt internally. 18% of businesses
report employees exiting the firm and citing the cyber breach as
one of the reasons for leaving. A similar number – 16% – report that
potential new hires decided not to join the firm because of the breach.
Another operational consequence of a cyber breach is that attention
is diverted from the day-to-day management of the business. 20%
of businesses reported this impact. In another of The Anatomy of a
Crisis study, we report on the human cost of crisis – the mental and
physical impact on management and the cost on relationships with
colleagues and family.
These impacts start to answer the question – why do management
teams care so much about cyber breaches?
16 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 17
Through our research and in-depth analysis, FTI Consulting will help
management and communications teams support their instincts with
empirical data when considering their organisation’s cyber breach
response strategies and plans.
Part 3 – Company Response
Examines how companies responded – their communications
approach and the operational changes they made as a result
of the breach.
This analysis will help management and communication teams
support their instincts with empirical data when they consider their
own cyber breach response strategies and communications plans.
This section provides us with an overview of the
cyber breach landscape, looking at 300 cyber
breaches from 2009 to 2019. Of course, many more
cyber events have occurred, but not all have been
reported. This is a list of the largest breaches over
the past 10 years across the world – those which
have attracted the greatest public attention.
At the moment of a cyber breach, this information will allow
management teams to see how serious their own breach is,
relative to those that have gone before.
2 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 3
4 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 5
The impact
The response
Reputational Impact
Media volume:
Medium-term response – business preparedness
The final piece of the impact puzzle is the issue of reputation. We used We have found much of the same with this research. For data
three measurements for reputation - share price, media volume and breaches that do not contain the most sensitive data, the market
media sentiment.
reaction tends to be relatively benign. This context is helpful
as companies start the process of deciding where to focus
Share price:
communications energies at the announcement of a breach. There is
In our previous Anatomy of a Crisis reports, we suggested the
temptation to be ‘investor-first’ with corporate communications and
share price reaction to cyber-attacks tends to be relatively modest to be led by the needs of that group. However, the data suggests that
compared to other forms of crisis, such as fraud and accidents. the market tends to be forgiving, and given what we have learnt about
Although 20% of business leaders reported share prices dropping, our how customers and employees react to news like this, management
2017 survey showed that while we see shares decrease in the first may be well advised to focus their attention on these groups first.
few days after a cyber-attack, within three months, on average, the
stock tends to recover.
The exception to this is where the data lost is of a particularly
sensitive nature. Here, the loss of value is significant.
So, organisations should pay close attention to the sensitivity
of the compromised data when they decide how best to
communicate their response.
Share price impact by data sensitivity
Some personal details (eg. Age, home address)
Financial information (eg. Paypal, credit card info)
Health/personal records
Full customer details
2
0
-2
Does a cyber breach have a pronounced impact on media interest in a company? As you would expect, the answer is yes. On average,
a company receives five times more media coverage, and eight times more social media coverage in the month after a cyber breach
than in normal conditions. We also see that the bigger the breach and the more sensitive the data, the bigger the media interest.
4.7x
Media multiplier (breaches up to 10m data sets)
8.3x
Media multiplier (breaches over 10m data sets)
The size and sensitivity of the data has a bearing on how much interest the media shows
Full customer details
10.3 x
Health/personal records
6.4 x
Loss of third party information
Despite everything that we have learnt previously about the negative impact of a cyber breach and the seriousness that
management teams apply to it, it seems that few are preparing to deal with the threat effectively. Only 45% of those we spoke
to say that their businesses are preparing proactively to deal with a cyber-attack. And only 39% of business leaders say that
their businesses are conducting cyber -attack simulations on a regular basis.
Lost data Impact on stakeholders Impact on management
Loss of customer data
25%
Customers lost as a consequence of breach
26%
24%
20%
18%
Employees left due to breach
Mental health issues
Management attention diverted
36%
For those businesses which are investing in closing their security gaps, where is the money being spent?
The top investment is in training. 35% of business leaders say that they have invested in employee awareness, security culture and training
in the past twelve months – more than any other category. Given the prevalence of internal security breaches that we have seen in Part 1,
this focus is understandable. That said, we also noted that lost devices and human error are declining, so these efforts appear to be having a
positive effect. Companies clearly understand that training is a responsibility that sits entirely within their control, which is not always the case
with certain external elements of cybersecurity.
Which of the following have you invested in over the past 12 months?
Employee awareness, security culture and training
35%
Threat monitoring and detection capability
33%
IT patching and technology stress testing
31%
Available qualified cyber expertise in-house
30%
Cyber insurance in place
27%
Regulatory compliance obligations understanding
27%
Breach preparedness and response planning
26%
Third-party service provider vetting
26%
Crisis communications readiness
26%
Third party vendors/providers managed vulnerabilities identification
24%
Critical assets and systems identification
24%
-4
-6
-8
-10
Financial information (eg. Paypal, credit card info)
Some personal details (eg. Age, home address)
2 x
2 x
19%
16%
Ne w hires decided against joining
Deteriorating relationships with spouse and family
20%
Board-level awareness and support
24%
Sector and geographic threat awareness
21%
None of the above
7%
When it comes to external threats, the biggest investments are in technology – specifically threat monitoring and detection and IT patching and
stress testing. Also high on the list of priorities are activities related to proper governance, namely in-house cyber expertise, cyber insurance
and a thorough understanding of regulatory obligations.
-12
Start
After a day
After a week
After a month
18 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 19
26 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 27

Online credentials

Design

Our design process
for you
O
Meet
O
O
O
Research Content Create
O
Review
O
Revise
O
Finishing
O
Pitch
We meet and learn
about what part of
the business you are
pitching to, the type
of content being used,
advise on the best
format to go forwards
and set deadlines for
the project
We research the
prospective client,
taking inspiration
from client branding,
their culture and
other collateral, such
as annual reports,
marketing materials,
and imagery. Then
create an overall theme,
look and feel.
If you know about new
branding or have an idea
for a theme it would be a
good time to let us know
when we meet
Think about your
entire layout
thoroughly before
sending to us.
The documents we
produce take as much
time as it takes you
to write. It is far more
efficient to get the
content to us as final
as possible.
If someone else has
sign off let them see it
before we design it
We will have created a
template in readiness.
Once you send your
content, we will work
to get you the proper
visual solutions,
laying out your text
and processes before
returning it at your
prearranged deadline
We will send you
your document or
print a mock-up if
required for you to
review. This often
gives you more
ideas and helps you
simplify procedures
or processes.
You will also proof
read and make any
text amends before
sending back to us
We will go through
revisions together
for minor visual and
text amends.
Large volumes of text
changes will be re-sent
to us to replace
Depending on the
format, we will deliver
the file to you, or
arrange for print.
Please allow enough
time for special prints.
Items such as hard
covers will need to be
signed off early
Pitch your finished
document with
added confidence
that none of your
competitors will have
anything as original
Key
OO
us
you

Working together
Helpful tips for bespoke pitch work
Stay flexible - be open-minded and respectful
Speak to us
If you are unsure, come and
speak to us, we are here to help
and can show you lots of ideas
Content is the key
Concentrate on your content,
the design will follow
Try not get hooked up with
old presentations. It’s better
to have your own ideas and
understand why the diagram in
front of you says what it says.
Copy is supposed to flow, so try
not to use a million bulletpoints
in the document
If it doesn’t need to be there,
take it out. You talk to the
document not read from it
Deadlines
The correct pitch date and time
is the most important tip. If
you have told us the pitch is
earlier than it actually is, your
document won’t look as good
as it could. The chances are
we will already be working
on something else when you
come back with additional
changes, effecting not only your
document, but others as well
If you think you are going to
miss a deadline, just let us
know so we can reschedule
our workload. This might lead
to a compromise, however we
always want the pitch to look
the best it can, so don’t get
stressed. Let’s just get it done
Trust us
Every spread has to be
consistent and maintain a
harmonious layout. There’s a
reason for everything we do.
Trust us, we have been doing
this for a long time
Leave us to it
The best looking documents
always come from teams who
give us the raw content and let
us crack on
Research
As a rule of thumb we use the
company’s brand guidelines and
marketing materials. Imagery
and colours are found through
researching their literature
and website if there are no
guidelines
However, If you have a clear
idea on a route you would
like to take then let us know
beforehand
Additionally, if the company is
re-branding then tell us (you do
not want to present a job using
older branding)
Proofread your document and
type up changes
We will simply cut and ast your
text. We are not responsible for
proofreading your document
Hand written pages wastes our
time and yours. The chances are
we can’t read your writing. Type
it up
Got a new idea?
Use it! But if it’s complicated
or needs to be sent off-site for
print, then we need to work out
timings first

Working
together
Content is the key
Concentrate on your content,
the design will follow
You do the talking
If it doesn’t need to be there,
take it out. You talk to the
document not read from it