Most companies don’t spend much time thinking about crisis communications…until they have to.

But in tech — especially if your company handles customer data, sensitive information, or payment information — not having a basic crisis plan is like driving without insurance. You hope you’ll never need it. But if the day comes, you’ll be grateful you took the time to prepare.

Why does crisis planning matter?

Crisis doesn’t always mean a data breach or some dramatic scandal with your CEO (though yes, those happen). It could be as simple as a bug that exposes user data, a tone-deaf Exec tweet, or an employee walking away with confidential IP.

Let’s just say, I’ve seen some sh*t:

• A SaaS platform where users logged in and were shown other user’s account data.

• An Executive that misused company funds… in very unfortunate ways.

• A fire in a data center with no injuries, but answers needed immediately on the level of global disruption.

Having at the very least a loose plan to address these types of issues makes a huge difference.

What does a good crisis plan look like?

Contrary to popular belief, I don’t think a crisis plan should be a 50-page playbook with every single action step and message pre-drafted. Instead, it should be more like a roadmap. A simple, high-level guide that helps your team stay calm and aligned when things get messy. At the very least, it should include:

• A clear list of who is in the room: execs, legal, HR, product, marketing/PR, etc.

• The order of operations: how you verify facts, contain the issue, and communicate effectively through each channel.

• Decision trees: “If this is a security breach, we do X. If this is a personnel issue, we do Y.”

• A framework for tone: what transparency looks like, what accountability means for your company, and how you apologize with authenticity

Having something like this in place allows you to be much less reactive, and think clearly in times of intense stress.

One of the biggest mistakes I’ve seen is companies try to jump into damage control without first understanding what happened. If you don’t have the facts, you can’t communicate with credibility.

A few truths to keep in mind:

• Transparency buys time. You don’t need all the answers right away. A simple “We’re aware of the issue and are working to resolve it” is far better than silence or fabricated spin to make the issue “look” under control when it’s not.

• Internal comms comes first. Your employees are your first line of defense — they should hear it from you, not from Twitter.

• Authenticity matters more than polish. Customers, investors, and reporters can sniff out BS. Own your part, share your steps, and don’t default to finger-pointing.

When do you bring in an outside expert?

Most data or technical issues can be handled internally by a solid PR Strategist. But if lives are at risk, there’s legal exposure, or you’re a public company, I always recommend bringing in a crisis comms specialist. It’s about severity, scale, and stakes at that stage, and you need someone who spends all of their time thinking about how to address these kinds of issues on a massive scale.

The bottom line

Crisis comms planning is about hoping for the best, but preparing for the worst. Done well, it’s a tool that will provide a semblance of clarity in the midst of chaos — helping your team respond with confidence.

Because in those moments when things go sideways (and let’s be honest, they sometimes do), your plan can mean the difference between trust lost… and trust earned.