Crisis communications best practices for 2025

27/10/2025 16:59:05
Share
2025 has delivered a tidal wave of high-profile reputational crises for major brands and no doubt there will be countless other crises that have quietly damaged businesses behind the scenes. From cyberattacks that crippled Britain’s high street retailers to data breaches affecting millions of customers, the message is clear…crisis communication planning is no longer optional. 

We keep a close eye on how businesses respond to crisis situations, and where best practice standards are being upheld. Here are some observations on crisis communications best practice from the year so far.
 

Say something early and clearly


The first response doesn’t need to have all the answers. But silence? That’s what causes speculation, which can be catastrophic for businesses. 

When Marks & Spencer was hit by a major ransomware attack in April, the retailer moved quickly. Within 24 hours of systems going down, M&S issued a formal statement acknowledging the cyber incident, reporting the breach to the National Cyber Security Centre and hiring external experts. The company stressed that stores remained open and assured customers their data was safe.

This early, transparent communication was initially praised and earned goodwill from customers during what would become a months-long recovery. While the crisis deepened - with online shopping suspended and £millions wiped off the company's market value - that early acknowledgment meant M&S controlled the narrative from the start, rather than falling foul to rumours.
 
Response Time and alarm clock
Cyber security

Be consistent across all channels


Cybersecurity has been a dominant crisis theme this year, with M&S providing both positive and cautionary lessons. The retailer did what any business should, which is acknowledge the breach, issue regular updates and activate systems to address customer concerns. However, as the situation evolved and promises to return to normal had to be scaled back, the communications became more challenging.

Consistency across platforms matters as much as the words themselves. When CEO Stuart Machin told the public business was “back to normal”, only for Click & Collect and online orders to be suspended days later, it highlighted how difficult it is to maintain consistency when a crisis is moving at pace.

Crisis communications best practice is to not overpromise. Keep all channels aligned and, if the situation changes, acknowledge it quickly and honestly. Gaps between what you say and what customers experience will damage trust faster than the crisis itself.

Communicate transparently in a crisis


In early May, Co-op faced a breach affecting data relating to a significant number of its 20 million members. The business initially reassured customers that there was “no evidence that customer data was compromised”. However, the ransomware group responsible later shared samples with the BBC containing Co-op membership card numbers, names, addresses, emails and phone numbers - along with databases including employee usernames and passwords.

The discrepancy between Co-op's initial statement and the hackers' claims created confusion and damaged trust. With major UK retailers now holding extensive databases of information connected to loyalty cards and shopping habits, the potential reputational crisis from data loss is significant.

Facing a similar situation, M&S took a different approach. When they confirmed that hackers had stolen customer information they immediately notified all affected users and reset passwords as a precaution.

The big takeaway from these examples is that when customer data is involved, transparency is most important. Don't understate the breach, and provide clear guidance to help customers protect themselves. Crisis management best practice is to be proactive and explain what you're doing to prevent future incidents.

Take precautionary action and communicate it clearly


When Harrods was the victim of a cyberattack in late April - making it the third major UK retailer targeted within days - the luxury department store took quick action. They limited online access while reassuring customers that physical shops and online shopping remained operational.

Harrods stated it had experienced attempts to gain unauthorised access to some of its systems and proactively took systems offline. Harrods demonstrated control by framing the response as precautionary rather than reactive.
 

Lead with authenticity and empathy 


In January, American Airlines Flight 5342 collided with a US Army helicopter resulting in 67 people being killed. The crisis communication team activated its plan within minutes of the tragedy. Within hours, CEO Robert Isom expressed deep sadness and support in a heartfelt video, while the airline immediately launched a hotline for loved ones and activated its support team for families and staff. 

He demonstrated transparency, compassion and empathy which helped to secure trust. American Airlines’ response prioritised victims, supported families, and coordinated with authorities and partner organisations in a joined-up and transparent way.
 

The fundamentals of crisis communications stay the same…  


2025 has reaffirmed what is key in crisis communications - speed, empathy, clarity, consistency, and learning. These are the crisis communications best practices that distinguish resilient organisations from those which are destined to be remembered for all the wrong reasons. 

Crisis communication plans are a crucial part of running a business. They can’t sit in a file waiting to be used. They must be active, tested, updated and ready for if the proverbial hits the fan.

If your company’s crisis management plan hasn’t been reviewed this year, now’s the time. We can help you prepare for the moments that can make or break your reputation. 

  Contact us if you’d like to know more.