The Anatomy of a Crisis Management Plan

4 key strategies to protect your business against risk

By Justin Hayes

No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses fail after natural disasters. Yet, only half of all businesses have a crisis management plan in place. 

This is surprising, given that a crisis management plan:

  • Optimizes public relations, ensuring that your organization’s reputation remains untarnished in the eyes of customers and business associates.
  • Enhances safety and security for your customers, employees, and shareholders.
  • Increases efficiency and effectiveness in the midst of an unexpected disruption by defining roles and procedures.
  • Improves outcomes, of all companies without a recovery plan, 93% fail within one year of a crisis.

We understand that crisis planning seems overwhelming. There are so many questions to answer: What are the signs? Who are the key players? How can I respond effectively?  

Luckily, with a few tested strategies, you can take positive steps toward protecting your business. 

Let’s begin by defining a crisis.

What is a business crisis?

Two prominent features distinguish a crisis from everyday disruptions in business continuity. A crisis is:

  • Unpredictable – Regular disruptions in the flow of business systems are par for the course. Crises, on the other hand, are unpredictable, resulting from internal or external disturbances.  
  • Broad in scope – A crisis typically disrupts multiple systems and can significantly damage an organization’s assets, image or both. For instance, the 2010 BP oil spill resulted in the loss of billions of dollars in revenue due to damaged infrastructure, product loss and legal fees, in addition to permanent damage to the company’s reputation. 

A crisis demands a proactive approach—a well orchestrated response based on limited information within a short window of time. 

What is a crisis management plan?

A crisis management plan is a series of actionable steps followed in the event of an unexpected and potentially disruptive situation—ensuring that your company is positioned to respond effectively and efficiently before a crisis strikes.

Four steps of building a crisis management plan:

1. Identify Threats

When assessing potential threats to your organization, consider the following variables:

  • Geographic Location – Are your physical locations threatened by natural disasters, extreme weather, or a harsh climate?
  • Crime Statistics in Area – Is your business threatened by theft or property destruction? Are your customers or employees vulnerable to physical assault?
  • Business Format – Does your business have a prominent web presence? Are you susceptible to cyber attacks?
  • Customer Demographics – Are your customers sensitive to messaging? How can you position your brand to resist public relations mistakes?

After carefully considering these variables, you are in a position to identify a list of threats to your organization. For instance, consider a software company headquartered in San Francisco, California. Due to its geographic location, the organization faces the threat of natural disasters, including wildfires and earthquakes. Crime statistics indicate that the organization is susceptible to theft and vandalism. As a software company, the organization stores customer data on a server, thus, cyber attacks are imminent. Finally, spokespeople should prepare to address male millennials, the company’s largest demographic, in the event of a public relations crisis. 

After considering organizational vulnerabilities, it’s helpful to identify the most pressing risks. Begin by understanding the 6 Pillars of Risk Management:

  1. Hazard and Event Risk – How resilient is your firm during and after a serious incident? How well are you able to recover and what impact would such an event have on your day-to-day operations?
  1. Operational and Physical Risk – What countermeasures can be deployed to reduce the likelihood of an incident? Is your organization adequately prepared to meet the challenges a security incident might present?
  1. Technological and IT Risk – are the proper controls in place to fully protect your digital infrastructure? How insulated is your organization from threats to your intellectual property? Do you have the proper legal backing to fight these issues in court?
  1. Market and Economic Risk – How secure is your company’s strategy from outside threats? Do you have a plan to not only protect people and things, but also fight counterfeiting or fraudulent activity?
  1. Environmental and Regional Risk – How would your operations be impacted in the event of a natural disaster like a hurricane or flood? Do your employees know the proper evacuation procedures?
  1. Emergency Preparedness and Training – Do you have a plan in place for an active shooter, bomb threat, or other emergency situation? What impact would that event have on your bottom line?

It’s time to put your plan into action.

2. Make a Playbook

After documenting potential threats to your organization, you are in a position to design a playbook. Begin by evaluating the threats you’ve identified and determining the most effective response. Your response will fall into one of the following categories:

  • Responsive – A responsive plan involves adapting a previously implemented strategy to address a new but similar crisis. For example, if your company previously launched a successful public relations campaign following a social media crisis, the same strategy can be used in a future PR crisis. 
  • Proactive – A proactive plan involves anticipating potential crises and creating contingencies for each potentiality. For example, if your company maintains a database of customer information, you might plan for the occurrence of a data breach.
  • Recovery – A recovery plan involves responding to an unforeseen event. As much as you would like to be able to predict all potential crises, there are some things we can’t plan for. For example, you didn’t plan for a global pandemic to happen in 2020, but you can still position your company to respond effectively to the unexpected.

Regardless of whether or not you anticipate a crisis, you must position yourself to respond efficiently and effectively. The first step is to create a playbook based on one of the three types of responses discussed. 

3. Identify Key Players

Next, decide who your key players are. These can be people inside of your company, including executives, HR representatives, or marketers. It is equally important to include outside consultants who possess an expertise in managing crises. Finally, you may require legal professionals, healthcare professionals, and first responders.

Once you’ve assembled your team, ensure that each member is aware of their role in the event of a crisis. This brings us to the final stage of developing a crisis management plan.

4. Train All Parties

Your team has been assembled, and each member understands his or her role. It’s time to train your team. This process involves a multi-tiered approach. Give materials to each team member, describing the expectations, procedures, and responsibilities associated with their role. Additionally, meet regularly with your team to plan and brainstorm ways to respond to the most likely disruptions. Finally, distribute materials and train all parties involved, including employees, to ensure a well-orchestrated response.

Take control of your company’s future. 

Many business leaders struggle to grasp the myriad risks that threaten their organization. But it’s not for lack of imagination. The fact of the matter is that planning a comprehensive crisis management strategy can be a complicated and time-consuming process, but it doesn’t have to be. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.

Even large and profitable organizations can be upended by the unexpected. A crisis management plan is not a passive assumption that your organization can absorb the impact of a disaster, but an active strategy to give you the peace of mind needed to focus on what matters most: growing your business

If you would like more information on how our team of experts can help you, let’s talk.

Stay tuned

Next week we will further define the types of crises that disrupt organizations. 

Posted by:

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

Employee Spotlight: Isabella Mazza

By Chesley Brown | January 3, 2024

We’re thrilled to introduce Isabella Mazza, the newest rockstar on our team at Chesley Brown International. Ready for some real talk and a sneak peek into Isabella’s world? Well, you’re in for a treat! Isabella…

Read More
how security enhances Commercial Property Values

The Economic Benefits of Private Security: Enhancing Commercial Property Values

By Chesley Brown | August 30, 2023

As the world becomes increasingly unpredictable, it’s no surprise that businesses are focused on protecting their assets. While public security initiatives have long been at the forefront of ensuring public safety, private security has emerged…

Read More
Maximizing security with a limited budget

Maximizing Security Without Breaking the Bank: Practical Tips for Organizations with Limited Budgets

By Chesley Brown | August 15, 2023

In today’s digital landscape, security threats are everywhere and no organization is immune to them. However, with limited budgets for security measures, organizations often face a tough challenge in ensuring that they remain protected against…

Read More
Electric vehicle charging station. Image is used to show EV fire hazards

The Hazards of EV Charging Stations

By Chesley Brown | July 26, 2023

Written by: Andy Marsh Fire and Life Safety Manager Chesley Brown International Technological advances have been the driving force behind the way we communicate, the way we work, and possibly even the way we get…

Read More
An engineer and the safety team walking a construction site discussing risk awareness

How to Foster a Culture of Risk Awareness and Responsibility

By Chesley Brown | July 18, 2023

In a world where new threats seem to emerge every single day, how can businesses protect themselves from the next danger hiding around the corner?  Technology can help. So can guidance from trained security experts.…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work