The F*CK Strategy

The pratfall effect application on business

solution The F*CK Strategy

Do you like fried chicken? A year ago or so, KFC was featured in almost every news outlet in the UK: they ran out of chicken for an entire weekend. A horror story for a food chain with 900 restaurants in the country. They were the target of enormous criticism. What did KFC do to address this uncomfortable position?

KFC UK worked together with its advertising agency to plan how to handle the public relations turmoil. An apology arose, but not a dry one. A straightforward tweak using its brand along with a written apology was a splendid move. Check it out:

KFC advertisement. Source:

Figure 1. KFC advertisement at the time.

The company signaled to the public that they screwed things up. The apology was an open, heartfelt expression about contradiction ("a chicken restaurant without chicken is not ideal"). Also, an acknowledgment about how hard it was to maneuver the episode ("It’s been a hell of a week"). Brilliant! What came next was the demonstration of turning a problem into a solution. People loved the response by KFC. Take a look at this video:

Yeah, the agency and KFC won an award for this.

The pratfall effect

In the 1960s, psychologist Elliot Aronson coined the term pratfall effect describing some of his research findings. "The pratfall effect is a phenomenon where people who are perceived as competent, are perceived as more likable or attractive when they commit a blunder."

Aronson ran an experiment recording an actor while pretending to be answering quizzes. In one condition, after "solving" the questionnaires (92% right, on purpose), the actor pretended to spill a cup of coffee over himself. In the other condition, there was nothing clumsy. The recordings were played to a large sample of students who rated afterward how likable the participant was. The clumsy one was rated better.

Pratfall advertising. Source:

Figure 2. Avis advertising using the pratfall effect.

We don’t have to wait for our clumsiness or simulate something of the like to put the pratfall effect into practice. Volkswagen (VW), Avis, Stella Artois, and other brands have used it on advertising campaigns. Let’s talk about a VW case. The VW Beetle was successful thanks to the sharp copywriting pointing to some (apparently) discouraging aspects of the car model. "Ugly," "slow," "noisy," "expensive" are words you would have seen in one of the ads in those glorious years for the Beetle. Thanks to adman and writer Richard Shotton, I came across this funny VW ad: "Think small," featuring the supposedly not-that-right size of the vehicle. Counterintuitive. That’s the complexity of the human mind.

Volkswagen Pin. Source:

Figure 3. Volkswagen advertising.

VW used these weaknesses to their advantage – they implied that the Beetle looked bizarre because their focus was on engineering excellence, not superficial looks. —Shotton

Epic failures and honesty

Have you ever had an epic cybersecurity failure? I bet you have. Fluid Attacks has also been there (I know because I was responsible for one). The "FCK" story and, more broadly, the pratfall effect tells us something valuable about handling incidents and signaling who we are.

Get started with Fluid Attacks' DevSecOps solution right now

Back in 2014, one of our customers angrily called us because of a security incident provoked presumably by one of our pentesters. He performed a denial of service attack on one workstation, and it appeared to have collapsed a middle network security device, leaving large corporate systems offline for around 45 minutes. You read that right: a pentesting company hired to make IT more secure, causing mission-critical systems to be out of service (a contradiction). We met immediately with the manager who hired us. We asked him to tell us about the incident; the losses seemed financially significant. It was an awkward, tense 30-minute meeting. Our colleague admitted his mistake, and we had nothing more to do than offer a sincere apology and come back with a proposal to compensate for the outage. The project was halted.

A few days later, my boss met with the customer, who agreed to resume the project and our compensation proposal. We then reflected on this incident. The words of our CEO at the time still resonate in my mind: "responsibility before profits." Today, that customer continues to trust Fluid Attacks.

We shouldn’t be afraid about being honest when a possibly (huge) error was made. Customers value companies that are perceived close to them. Everybody knows that as humans, we make mistakes, so do companies or brands. Admitting blunders and weaknesses is concrete proof of honesty and, consequently, makes other claims more believable.

If you are ever responsible for a security breach, tell your company quickly. Accept your responsibility, bet on the pratfall effect. Many companies have feared a lousy reaction from business errors following this path but have succeeded.

Failures and not-so-good outcomes from handling strategy

I’ve been a learner at Datacamp for almost three years. This company provides online training in data science in a bunch of technologies (Python, R, SQL, and others). A couple of days ago, I got to know over Twitter about a scandal concerning that company. The CEO was involved in sexual harassment to an instructor in 2017. The data science community, in support of the victim, started a "boycott" this April (example). In short, dozens of instructors started telling people not to take their courses on Datacamp and to use other available resources. The reason? Datacamp management tried to hide or diminish the incident as people demanded transparency and accountability for the issue long ago. On April 24th, a very late communication from the company’s board announced that the CEO was stepping from his position indefinitely. I bet if the strategy was different, all this could have been avoided. Datacamp is a big worldwide player in the e-learning market, and it failed to embrace the pratfall effect. I would say that their "rational" approach led to disastrous public relations handling, eroding their trust.

We’re not flawless, but we do our best

As we saw in this post, being open and confront our flaws could have massive returns. We wanted to share with you another perspective of human nature related to our day-to-day mission in cybersecurity. No individual and no organization is fully protected against security breaches. We must understand that fact, and we should prepare the best we can to avoid those breaches. We, at Fluid Attacks, try the best we can to infuse that premise among our employees. We also share with our customers that we are not flawless and that sh*t happens from time to time.

We invite you to check our services if you still don't know about them. We offer Continuous Hacking, a service that provides a constant review of your source code and applications, looking for vulnerabilities (allowing the development team to focus only on the development), as well as the tracking of the found weaknesses. The service leverages our platform, a critical component of our value proposition. We know our platform is not yet a front-runner. We don't know whether we are the number one or the second, but we work hard to make it better for you.


Subscribe to our blog

Sign up for Fluid Attacks’ weekly newsletter.

Recommended blog posts

You might be interested in the following related posts.

Photo by Michael Dziedzic on Unsplash

An OffSec Exploitation Expert review

Photo by Google DeepMind on Unsplash

Towards an approach that engages more than SCA and SBOM

Photo by Dave Photoz on Unsplash

An interview with members of our hacking team

Photo by Sara Kurfeß on Unsplash

A brief overview of this recent EU draft regulation

Photo by Saad Chaudhry on Unsplash

Increase the board's cyber savvy with these reads

Photo by Ugur Arpaci on Unsplash

Soon it will be a must in cybersecurity due to NIS2

Photo by Snowscat on Unsplash

Toyota's ancient and recently disclosed data leaks

Photo by Pierre Bamin on Unsplash

Watch out for keylogging/keyloggers

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial
Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.