Like a lot of people, you may be wondering what comes next for your business or organization following the Coronavirus outbreak (or any other crisis for that matter). Well, you’ve come to the right place. The Coronavirus outbreak has created a renewed focus on crisis management and risk mitigation for many organizations, especially when it comes to public health risks.
We created this blog as a case study to show business owners how to prepare a comprehensive business continuity and crisis management plan that will help them recover faster, and prevent future crises.
You just need the right tactics.
Why should you listen to us?
- With over 30 years of security management experience, a vast majority of companies we’ve encountered are critically under prepared for a crisis
- We are the only company that advises and manages professional security programs for organizations worldwide.
- The Coronavirus outbreak has completely rewritten the rules on crisis management.
- The tips and strategies we teach aren’t from some random retired law enforcement official who runs a consultancy as a side hustle, but instead from diverse collection of industry leading subject matter experts who have real-world experience in business.
- It only takes one bad day to destroy what you’ve spent your life building. We want you to thrive, and we are here to answer the call, even if it’s at 4:30 in the morning.
In light of the worldwide Coronavirus crisis, we, as a company, have decided to make our business continuity resource center available to the public. Below is a excerpt from our forthcoming ebook titled the “Business Continuity and Crisis Management Playbook.” Over the coming weeks we will be publishing tips, insight, expert analysis, and new operating standards to help companies recover faster, secure what matters most, and protect themselves and their employees in the future. We have put together this guide to help you prioritize action, build on the lessons we’ve learned, and better insulate your employees and assets from future crises.
In our 30+ years of business, a large percentage of the companies we have encountered are either totally unprepared or critically under prepared for crises — even the most predictable ones. Many do possess what the industry refers to as “operational response” plans for specific contingencies, primarily relating to natural disasters. These “how we will protect each person physically” plans remain an inadequate form of communications. They fail to plot for the much wider variety of crises, along with strictly reputation-threatening crises, to which every company or organization is vulnerable.
Nearly 60% of all senior crisis control executives say they are facing more crises today than they did 10 years ago, according to research from Deloitte. From current events such as the global Coronavirus Pandemic to internal issues that can suddenly blow up (think hacking, or defective products) 80% of companies will be confronted by some type of crisis in the next two years. How prepared are you?
Cyber and safety incidents are the most common issues, followed closely by security incidents, performance issues, and finally regulatory or environmental concerns. The fallout can be extensive: beyond simple reputational damage, a crisis can devastate worker morale and sales, not to mention long-term financial performance. Well over 50% of organizations see a jump in consumer complaints after an incident. Once the damage is done, it can quickly metastasize into a broader crisis before you fully understand what is happening. Those facts taken alone are jarring, however, when combined with the fact that 93% of all companies without a recovery plan are out of business within a year; it becomes more important than ever to have a well thought out plan for how your business and team will handle the next crisis.
The Growth of Crisis Management
Crisis management plans are now ubiquitous among the world’s largest corporations. 84% of the world’s fortune 500 companies have individual strategies in place. These plans have been tested to reduce monetary fallout, with Deloitte noting that less than one-third of corporations with a plan document any negative impact on financial performance compared to companies without a plan.
However, a plan alone does not assure a company’s ability to efficiently navigate a crisis. While the studies indicate a tremendous majority of executives accept as fact that their organizations are able to cope with a disaster, most businesses have not tested their preparedness. The most common eventualities that organizations have simulated are generally machine disasters and cyber-attacks, however even then, half of all respondents failed to follow through with the reported recommendations including maintaining a regime of regular ongoing testing. Despite this, 90% of executives say they feel confident in their organization’s ability to respond to a crisis. There is clearly a disconnect. Luckily, this problem is relatively easy to fix.
Tip 1: Systematically test your plans with stakeholders and board members.
Simply testing a disaster plan with senior board members substantially reduces both the number of crises as well as the negative consequences when they do arise — 21% of enterprises that include board members in their crisis management plans reported a decrease in the number of crisis situations they faced, compared to only 2% of the control group. This has the added benefit of creating an open framework for dialog as well as buy-in from each of the stakeholders.
Tip 2: Create realistic crisis simulations.
Creating crisis simulations that mirror an agency’s individual market, shape, and operations are key if risk managers want to fully understand their enterprise’s preparedness, as well as that of their suppliers, partners, and customers. In the words of one respondent: “The operations of [our] company are becoming more complex and involving more dimensions. When dealing with third parties, the company expects to encounter more troubles and problems outside of our control.”
Reducing disaster frequency through risk control.
Tip 3: Invest early in threat management.
Unsurprisingly, the companies who experienced a disaster have been the most proactive and effective at putting measures in place that prevent future incidents. Respondents cited improved detection and early warning systems, extra funding in prevention, and better testing scenarios as the three biggest takeaways from their most recent incidents.
In other words, higher investment in threat management reduces the need for crisis control. Crises can be avoided by fully understanding and mapping out your organization’s risk landscape. You should continually assess the security, accuracy and accessibility of any critical information systems. This might include marketing collateral, income channels, and/or logistics systems along with access to capital. Combined with cyber-security reports, supplier court cases, whistle-blower reports, and open and honest communication with your team can you begin to create a map that evaluates the entire risk landscape holistically.
Tip 4: Test your plans regularly and often.
Tip 5: Use facts to make decisions, not opinions.
Risk managers need to be especially aware of senior executives who refuse to accept the fact that a specific type of disaster could happen within the enterprise – their personal biases should not impact an organization’s readiness to deal with any risk, no matter how likely they personally believe it is to occur.
Leadership and decision-making are of enormous importance during a crisis situation. Different styles of leadership will be necessary at different times as the disaster unfolds, but the spokesperson and team leader should be at the center of your efforts. That means leaders should be flexible, calm and be willing to seek insight and professional advice from their whole team, while also moving decisively. Proactive training and planning are vital when bringing together senior leaders for a disaster, as is making sure they’re aware about the strengths and weaknesses of their own management styles. You may need to make allowances to counterbalance those styles.
The Painful Truth
The recent Coronavirus outbreak has revealed in stark detail how unprepared many businesses, communities, and even nations are to handle a serious disaster. When a disaster is looming, we recommend bringing together an action group to tackle that specific issue, with professionals from within and outside the business working together. Any team should comply with a pre-established crisis communication and management plan. Next week we’ll cover Coronavirus: 6 New Business Risks.
At the end of the day, by telling the painful truth and showing humility and compassion a company can maintain customer trust and the buy-in of its stakeholders. Despite the hardships, every crisis is an opportunity for reinvention and improvement. Many business owners struggle to fully grasp the myriad risks they face. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.
Sign up!
For industry-leading guides and analysis sign up for our blog below.
Latest News
Podcast | Risk Takers Series #1 The Aldrich Ames Espionage Case
Dell Spry, a former FBI investigator and counterespionage expert, sits down to discuss the biggest case of insider theft in U.S. History: The Aldrich Ames Case. Hear how he, along with the help of the…
Read Morerisk-takers #1 The Aldrich Ames Espionage Case
Dell Spry, a former FBI investigator and counterespionage expert, sits down to discuss the biggest case of insider theft in U.S. History: The Aldrich Ames Case. Hear how he, along with the help of the CIA, and the fellow FBI agents used their cunning, hard work, and old fashioned investigative work to capture and convict most infamous CIA officer-turned traitor: Aldrich Hazan “Rick” Ames. Beginning in 1985 the CIA experienced the unparalleled loss of its of Soviet assets, which nearly destroyed the government’s ability to gather intelligence on the Soviet Union. In this interview Mr. Spry discusses his personal involvement in the case as the FBI’s lead investigator including many of the investigative methods they used. Hear never before details about the harrowing investigation to not only investigate and convict the highest ranking government official ever accused of spying, but to protect future Russian assets. In 1991, the quest led them to search for a Soviet spy in the CIA. They came to identify that spy as CIA Case Officer, Aldrich Hazan “Rick” Ames, a long-time CIA case officer and analyst. In February of 1994, Ames was arrested by the FBI and sentenced to life in prison.
Read More10 Steps for Building a Crisis Management Communication Strategy
Small changes have a big impact. As a public health crisis of worldwide proportions comes into focus, it is imperative for individuals, organizations, and nations to develop effective resilience strategies, including communications and outreach as…
Read More7 Tips the Pros Won’t Tell You About Budgeting For Risk
Every business must create its own process for identifying, testing, and budgeting for risk. We studied the data and talked to several industry-leading CSOs to find out how they do it. How much should your…
Read MoreThe Future of Work
The Future of Work: Protecting Trade Secrets Written by: Dell Spry Many businesses, both large and small, are desperately seeking ways to keep their companies operational with all of the closures and uncertainties associated with…
Read More