Like a lot of people, you may be wondering what comes next for your business or organization following the Coronavirus outbreak (or any other crisis for that matter). Well, you’ve come to the right place. The Coronavirus outbreak has created a renewed focus on crisis management and risk mitigation for many organizations, especially when it comes to public health risks.
We created this blog as a case study to show business owners how to prepare a comprehensive business continuity and crisis management plan that will help them recover faster, and prevent future crises.
You just need the right tactics.
Why should you listen to us?
- With over 30 years of security management experience, a vast majority of companies we’ve encountered are critically under prepared for a crisis
- We are the only company that advises and manages professional security programs for organizations worldwide.
- The Coronavirus outbreak has completely rewritten the rules on crisis management.
- The tips and strategies we teach aren’t from some random retired law enforcement official who runs a consultancy as a side hustle, but instead from diverse collection of industry leading subject matter experts who have real-world experience in business.
- It only takes one bad day to destroy what you’ve spent your life building. We want you to thrive, and we are here to answer the call, even if it’s at 4:30 in the morning.
In light of the worldwide Coronavirus crisis, we, as a company, have decided to make our business continuity resource center available to the public. Below is a excerpt from our forthcoming ebook titled the “Business Continuity and Crisis Management Playbook.” Over the coming weeks we will be publishing tips, insight, expert analysis, and new operating standards to help companies recover faster, secure what matters most, and protect themselves and their employees in the future. We have put together this guide to help you prioritize action, build on the lessons we’ve learned, and better insulate your employees and assets from future crises.
In our 30+ years of business, a large percentage of the companies we have encountered are either totally unprepared or critically under prepared for crises — even the most predictable ones. Many do possess what the industry refers to as “operational response” plans for specific contingencies, primarily relating to natural disasters. These “how we will protect each person physically” plans remain an inadequate form of communications. They fail to plot for the much wider variety of crises, along with strictly reputation-threatening crises, to which every company or organization is vulnerable.
Nearly 60% of all senior crisis control executives say they are facing more crises today than they did 10 years ago, according to research from Deloitte. From current events such as the global Coronavirus Pandemic to internal issues that can suddenly blow up (think hacking, or defective products) 80% of companies will be confronted by some type of crisis in the next two years. How prepared are you?
Cyber and safety incidents are the most common issues, followed closely by security incidents, performance issues, and finally regulatory or environmental concerns. The fallout can be extensive: beyond simple reputational damage, a crisis can devastate worker morale and sales, not to mention long-term financial performance. Well over 50% of organizations see a jump in consumer complaints after an incident. Once the damage is done, it can quickly metastasize into a broader crisis before you fully understand what is happening. Those facts taken alone are jarring, however, when combined with the fact that 93% of all companies without a recovery plan are out of business within a year; it becomes more important than ever to have a well thought out plan for how your business and team will handle the next crisis.
The Growth of Crisis Management
Crisis management plans are now ubiquitous among the world’s largest corporations. 84% of the world’s fortune 500 companies have individual strategies in place. These plans have been tested to reduce monetary fallout, with Deloitte noting that less than one-third of corporations with a plan document any negative impact on financial performance compared to companies without a plan.
However, a plan alone does not assure a company’s ability to efficiently navigate a crisis. While the studies indicate a tremendous majority of executives accept as fact that their organizations are able to cope with a disaster, most businesses have not tested their preparedness. The most common eventualities that organizations have simulated are generally machine disasters and cyber-attacks, however even then, half of all respondents failed to follow through with the reported recommendations including maintaining a regime of regular ongoing testing. Despite this, 90% of executives say they feel confident in their organization’s ability to respond to a crisis. There is clearly a disconnect. Luckily, this problem is relatively easy to fix.
Tip 1: Systematically test your plans with stakeholders and board members.
Simply testing a disaster plan with senior board members substantially reduces both the number of crises as well as the negative consequences when they do arise — 21% of enterprises that include board members in their crisis management plans reported a decrease in the number of crisis situations they faced, compared to only 2% of the control group. This has the added benefit of creating an open framework for dialog as well as buy-in from each of the stakeholders.
Tip 2: Create realistic crisis simulations.
Creating crisis simulations that mirror an agency’s individual market, shape, and operations are key if risk managers want to fully understand their enterprise’s preparedness, as well as that of their suppliers, partners, and customers. In the words of one respondent: “The operations of [our] company are becoming more complex and involving more dimensions. When dealing with third parties, the company expects to encounter more troubles and problems outside of our control.”
Reducing disaster frequency through risk control.
Tip 3: Invest early in threat management.
Unsurprisingly, the companies who experienced a disaster have been the most proactive and effective at putting measures in place that prevent future incidents. Respondents cited improved detection and early warning systems, extra funding in prevention, and better testing scenarios as the three biggest takeaways from their most recent incidents.
In other words, higher investment in threat management reduces the need for crisis control. Crises can be avoided by fully understanding and mapping out your organization’s risk landscape. You should continually assess the security, accuracy and accessibility of any critical information systems. This might include marketing collateral, income channels, and/or logistics systems along with access to capital. Combined with cyber-security reports, supplier court cases, whistle-blower reports, and open and honest communication with your team can you begin to create a map that evaluates the entire risk landscape holistically.
Tip 4: Test your plans regularly and often.
Tip 5: Use facts to make decisions, not opinions.
Risk managers need to be especially aware of senior executives who refuse to accept the fact that a specific type of disaster could happen within the enterprise – their personal biases should not impact an organization’s readiness to deal with any risk, no matter how likely they personally believe it is to occur.
Leadership and decision-making are of enormous importance during a crisis situation. Different styles of leadership will be necessary at different times as the disaster unfolds, but the spokesperson and team leader should be at the center of your efforts. That means leaders should be flexible, calm and be willing to seek insight and professional advice from their whole team, while also moving decisively. Proactive training and planning are vital when bringing together senior leaders for a disaster, as is making sure they’re aware about the strengths and weaknesses of their own management styles. You may need to make allowances to counterbalance those styles.
The Painful Truth
The recent Coronavirus outbreak has revealed in stark detail how unprepared many businesses, communities, and even nations are to handle a serious disaster. When a disaster is looming, we recommend bringing together an action group to tackle that specific issue, with professionals from within and outside the business working together. Any team should comply with a pre-established crisis communication and management plan. Next week we’ll cover Coronavirus: 6 New Business Risks.
At the end of the day, by telling the painful truth and showing humility and compassion a company can maintain customer trust and the buy-in of its stakeholders. Despite the hardships, every crisis is an opportunity for reinvention and improvement. Many business owners struggle to fully grasp the myriad risks they face. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.
For industry-leading tips and analysis sign up for our blog below.
The security services industry is one of the fastest growing industries in America today. With so many new entrants, technology developments, and emerging threats, it can be exceedingly difficult to keep up with the myriad…Read More
For decades, the US has been a victim of economic espionage — a foe that is now costing American companies billions of dollars in lost revenue. From hacking government websites to infiltrating research institutions with…Read More
By: Dell Spry There are numerous similar, seemingly inconsequential, soft targets scattered across our country unprotected by a single surveillance camera or even a strand of barbed wire. Is this issue getting the attention it…Read More
What is the SolarWinds Supply Chain Attack? SolarWinds, the Austin-based cybersecurity firm, found itself in the middle of a catastrophe due to internal security lapses. The firm recently earned headlines for making it to the…Read More