The tools you need to save a relationship with an unhappy customer are the ones you use to attract them in the first place, says Matt Rizzetta: customization and personalization.
So the question for Marriott International, which is dealing with a Starwood customer data breach that began in 2014 – two years before the company was acquired by Marriott – and publicized on November 30, is: How do you customize a satisfactory response to half a billion unhappy customers?
“The connection between hospitality brands and consumers is more intimate and more personalized than almost any other product or service you can imagine,” said Rizzetta, founder and CEO of New York-based N6A, a social media and PR agency works with hospitality tech clients. “They need to take a completely different approach to how they’re communicating after the crisis to the family of five that just stayed in their Los Angeles location than they would have to take to the businessman or businesswoman who travels to Marriott locations 20 times throughout the country.”
Bethesda, Maryland-based Marriott said in a statement that in September, the company received an internal alert regarding an attempt to access the Starwood guest reservation database in the United States, and soon after discovered there had been unauthorized access to the Starwood network since 2014.
Because consumers are offering not just personal information but their personal lives to a hospitality brand, problems are exacerbated, Rizzetta said. “There’s a lot more at stake. It’s a much more intimate connection… So what does that mean in terms of communication and marketing from Marriott’s perspective? The stakes are incredibly high, and they can lose customers quicker than they ever could have before in a situation like this. There’s a microscope on everything they’re doing from a communications and marketing strategy standpoint.”
Marriott President and CEO Arne Sorenson expressed regret for the incident. “We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,” Sorenson said in a statement on Friday. Marrriott established a website and call center to address customer concerns and began sending emails to notify affected guests. In addition, it is inviting customers to enroll free in WebWatcher, a service that monitors internet sites where personal information is shared.
So how well is Marriott responding to the situation?
“I think overall their strategy has been pretty effective so far,” said Rizzetta, who graded its performance at a B+. “Number one, they’ve been really responsive. A lot of these crises come down to response time and expediency, and in that regard, they’ve been super quick… And the second thing, and I think this is really what has differentiated them from other competitors in hospitality that have dealt with similar crises, is that they really have a product-first solution in mind,” he added, pointing to the company’s use of WebWatcher. “That’s a really important point of differentiation, and something that so far seems to be working.”
What would the company have to do to get an A? Communicate more quickly. “Typically, there are reasons for that delay in communicating the issue, or in this case, admitting that there was an issue or disclosing that there was an issue,” Rizzetta said, usually related to legal liabilities or regulatory concerns. “In a perfect world, if the data breach happened on December 3, on December 3 it should have been communicated. That wasn’t the case here.”
Personalizing a response
At this point, taking a personal approach to those 500 million customers is critical, Rizzetta said. “The hospitality brand really has to mirror that level of personalization in how they’re communicating post-crisis to the consumer.”
In general, “the business traveler cares about confidentiality of business materials, convenience and such, whereas the parent cares about the safety, comfort and experience of their family. Marriott needs to understand the nuances of each persona, and communicate with a targeted message that speaks to the needs and priorities of each,” Rizzetta said.
His advice: Start with the data, compile the users into general profiles, prioritize the profiles by size – and then set three priorities in communicating:
Expediency: “You need to show them that they are your first priority. Speed is an incredibly important factor in that.”
Empathy and contrition: “You need to show that you’re contrite and there’s a genuine, authentic sense of remorse.”
A solution: “You need to clearly illustrate what the solution is. And I think in this case, WebWatcher… should make their job a little easier.”
“Consumers, in times of crisis, want to feel like their brand is in the trenches with them and they’re living and breathing the pain and suffering that they are living and breathing on their side of the table,” Rizzetta said.
In reality, Marriott can only do so much at this point to repair customer relationships. “Marriott is the bad guy. And no matter how good and flawless their execution might be on the communications strategy, there’s only so much they can hope for in terms of outcomes,” he said. “They’re not going to go from being the villain to being the hero here. They’re going to go from being the horrible, terrible villain to the villain who is bad but not so bad.”
And, in this case, the not-so-bad villain would be doing “a diligent and comprehensive audit of every single thing in the Marriott ecosystem that has to do with vendor relationships, with products and innovation with regards to things like cybersecurity and data protection,” Rizzetta said. As a consumer, “I want to know that Marriott’s not messing around.”
While no company can prepare for – or prevent – everything, it all comes back to being proactive.
“It could happen to anyone nowadays,” Rizzetta said of data breaches. “When it came to proactive crisis communication strategies, it was always what happens if there’s a major executive termination, or what happens if there’s some sort of misconduct that happens at a board level.”
But, he said, “nowadays, cybersecurity and breaches is the new misconduct. That should be front and center of a proactive strategy… Cyber first and then everything else second.”