We spoke with Sean O’Meara, founder of Essential Content, about crisis communication in regulated sectors and how businesses can protect both their reputations and their customers’ trust.
Sean has advised major organisations across banking, finance, insurance, and healthcare on how to plan for and respond to critical failures – both operational and cultural.
He’s also co-authored a renowned book on corporate apologies and is an experienced speaker on the importance of saying the right thing at the right time.
Let's take a closer look at some of Sean’s insights during our conversation.
The Difference Between an Operational Problem and a Crisis
According to Sean, any major failure typically falls into two broad categories.
Operational failures happen when a company doesn’t deliver what it promises – think flight cancellations, product recalls, or even running out of the key item you’re supposed to sell (like when KFC famously ran out of chicken).
Cultural failures are trickier, often related to a company’s values or leadership behaviour – such as insensitive remarks from executives or advertising campaigns that offend the public.
Both types can escalate fast when customers share their frustrations via social media.
Saying ‘Sorry’ (or Not): The Real Impact
Sean believes that many businesses avoid apologising for fear of legal consequences, but research shows that saying sorry doesn’t significantly increase lawsuits.
"An apology should reflect responsibility.
It’s not always your fault if you’re hacked, but it is your responsibility to handle data properly."
– Sean O’Meara, Founder, Essential Content
He notes that apologising hastily can spark more scrutiny, especially in culturally charged situations.
Planning for a Cyber Attack or Data Breach
No business can ignore the risk of a data breach or cyber attack.
Sean’s advice is to treat breaches as inevitable and have a simple plan ready.
He emphasises:
- Create a skeleton template for potential statements that cover different scenarios.
- Rehearse crisis roles, including who will speak to the media or customers.
- Time-stamp public updates (‘As of 13:00 on Tuesday’) so people see the latest version and avoid confusion.
Communicating During a Crisis: Tone and Clarity
When failure happens, people want quick answers.
"They don’t just want empathy; they want concrete steps."
– Sean O’Meara, Founder, Essential Content
Sean says clarity trumps all else.
Use short sentences and active language. Instead of ‘funds’, say ‘money’ – the fewer jargon terms you use, the better.
"If customers have to pause to decode a statement, you’re adding to their stress," Sean explains.
Balancing Compliance with Empathy
In regulated industries, the stakes are higher.
Consumer Duty rules in the UK mean banks, insurers, and other regulated firms must prove they’re acting in customers’ best interests.
It’s important to:
- Make sure communications are transparent, consistent, and prompt.
- Collaborate with compliance teams at the start of crisis planning.
- Provide remedies customers can trust – such as identity protection services after a data breach.
Key Takeaways
Know your potential failure points: Identify where mistakes are most likely, then figure out how to prevent or mitigate them.
Take responsibility, even if it’s not your fault: Apologise sincerely when needed, and outline what you’re doing to fix the issue.
Keep your messaging simple: Be honest and use direct language. Avoid corporate jargon like ‘funds’ or ‘beneficiary’ in crisis statements.
Work hand in hand with compliance: Make sure your crisis plan respects industry rules, and involve the right experts early.
Update often: Time-stamp communications, and let people know what’s changed since the last update.
FAQs
What Is Crisis Communication?
It’s how organisations respond to serious issues that threaten their operations or image.
Effective crisis communication aims to provide honest updates, protect trust, and reduce long-term damage.
Why Do Apologies Matter?
When done right, apologies show that a business takes responsibility and cares about customers’ experiences.
They help rebuild trust after a serious mishap.
How Should We Plan for a Cyber Attack?
Work backwards from the assumption it will happen.
Create clear guidelines, appoint a crisis lead, and rehearse.
Keep a blueprint for sharing updates quickly.
What If We’re a Regulated Business?
You’ll have extra rules to follow, so bring compliance in at the start.
Show that you’re treating customers fairly and meeting key requirements.
Should We Always Bring Out the CEO to Apologise?
Not always. If it’s a technical problem, use an expert spokesperson.
Save senior leaders for more serious or escalating cases.
References
Data Protection Guidance, Information Commissioner’s Office, 2024
Cyber Security Breaches Survey, Department for Science, Innovation & Technology, 2023
Crisis Communications Guide, CIPR, 2023
Reviewed by
Sam Kendall, 12.03.2025
Sabrina McClune, 12.03.2025