The Anatomy of a Crisis Management Plan

4 key strategies to protect your business against risk

By Justin Hayes

No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses fail after natural disasters. Yet, only half of all businesses have a crisis management plan in place. 

This is surprising, given that a crisis management plan:

  • Optimizes public relations, ensuring that your organization’s reputation remains untarnished in the eyes of customers and business associates.
  • Enhances safety and security for your customers, employees, and shareholders.
  • Increases efficiency and effectiveness in the midst of an unexpected disruption by defining roles and procedures.
  • Improves outcomes, of all companies without a recovery plan, 93% fail within one year of a crisis.

We understand that crisis planning seems overwhelming. There are so many questions to answer: What are the signs? Who are the key players? How can I respond effectively?  

Luckily, with a few tested strategies, you can take positive steps toward protecting your business. 

Let’s begin by defining a crisis.

What is a business crisis?

Two prominent features distinguish a crisis from everyday disruptions in business continuity. A crisis is:

  • Unpredictable – Regular disruptions in the flow of business systems are par for the course. Crises, on the other hand, are unpredictable, resulting from internal or external disturbances.  
  • Broad in scope – A crisis typically disrupts multiple systems and can significantly damage an organization’s assets, image or both. For instance, the 2010 BP oil spill resulted in the loss of billions of dollars in revenue due to damaged infrastructure, product loss and legal fees, in addition to permanent damage to the company’s reputation. 

A crisis demands a proactive approach—a well orchestrated response based on limited information within a short window of time. 

What is a crisis management plan?

A crisis management plan is a series of actionable steps followed in the event of an unexpected and potentially disruptive situation—ensuring that your company is positioned to respond effectively and efficiently before a crisis strikes.

Four steps of building a crisis management plan:

1. Identify Threats

When assessing potential threats to your organization, consider the following variables:

  • Geographic Location – Are your physical locations threatened by natural disasters, extreme weather, or a harsh climate?
  • Crime Statistics in Area – Is your business threatened by theft or property destruction? Are your customers or employees vulnerable to physical assault?
  • Business Format – Does your business have a prominent web presence? Are you susceptible to cyber attacks?
  • Customer Demographics – Are your customers sensitive to messaging? How can you position your brand to resist public relations mistakes?

After carefully considering these variables, you are in a position to identify a list of threats to your organization. For instance, consider a software company headquartered in San Francisco, California. Due to its geographic location, the organization faces the threat of natural disasters, including wildfires and earthquakes. Crime statistics indicate that the organization is susceptible to theft and vandalism. As a software company, the organization stores customer data on a server, thus, cyber attacks are imminent. Finally, spokespeople should prepare to address male millennials, the company’s largest demographic, in the event of a public relations crisis. 

After considering organizational vulnerabilities, it’s helpful to identify the most pressing risks. Begin by understanding the 6 Pillars of Risk Management:

  1. Hazard and Event Risk – How resilient is your firm during and after a serious incident? How well are you able to recover and what impact would such an event have on your day-to-day operations?
  1. Operational and Physical Risk – What countermeasures can be deployed to reduce the likelihood of an incident? Is your organization adequately prepared to meet the challenges a security incident might present?
  1. Technological and IT Risk – are the proper controls in place to fully protect your digital infrastructure? How insulated is your organization from threats to your intellectual property? Do you have the proper legal backing to fight these issues in court?
  1. Market and Economic Risk – How secure is your company’s strategy from outside threats? Do you have a plan to not only protect people and things, but also fight counterfeiting or fraudulent activity?
  1. Environmental and Regional Risk – How would your operations be impacted in the event of a natural disaster like a hurricane or flood? Do your employees know the proper evacuation procedures?
  1. Emergency Preparedness and Training – Do you have a plan in place for an active shooter, bomb threat, or other emergency situation? What impact would that event have on your bottom line?

It’s time to put your plan into action.

2. Make a Playbook

After documenting potential threats to your organization, you are in a position to design a playbook. Begin by evaluating the threats you’ve identified and determining the most effective response. Your response will fall into one of the following categories:

  • Responsive – A responsive plan involves adapting a previously implemented strategy to address a new but similar crisis. For example, if your company previously launched a successful public relations campaign following a social media crisis, the same strategy can be used in a future PR crisis. 
  • Proactive – A proactive plan involves anticipating potential crises and creating contingencies for each potentiality. For example, if your company maintains a database of customer information, you might plan for the occurrence of a data breach.
  • Recovery – A recovery plan involves responding to an unforeseen event. As much as you would like to be able to predict all potential crises, there are some things we can’t plan for. For example, you didn’t plan for a global pandemic to happen in 2020, but you can still position your company to respond effectively to the unexpected.

Regardless of whether or not you anticipate a crisis, you must position yourself to respond efficiently and effectively. The first step is to create a playbook based on one of the three types of responses discussed. 

3. Identify Key Players

Next, decide who your key players are. These can be people inside of your company, including executives, HR representatives, or marketers. It is equally important to include outside consultants who possess an expertise in managing crises. Finally, you may require legal professionals, healthcare professionals, and first responders.

Once you’ve assembled your team, ensure that each member is aware of their role in the event of a crisis. This brings us to the final stage of developing a crisis management plan.

4. Train All Parties

Your team has been assembled, and each member understands his or her role. It’s time to train your team. This process involves a multi-tiered approach. Give materials to each team member, describing the expectations, procedures, and responsibilities associated with their role. Additionally, meet regularly with your team to plan and brainstorm ways to respond to the most likely disruptions. Finally, distribute materials and train all parties involved, including employees, to ensure a well-orchestrated response.

Take control of your company’s future. 

Many business leaders struggle to grasp the myriad risks that threaten their organization. But it’s not for lack of imagination. The fact of the matter is that planning a comprehensive crisis management strategy can be a complicated and time-consuming process, but it doesn’t have to be. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.

Even large and profitable organizations can be upended by the unexpected. A crisis management plan is not a passive assumption that your organization can absorb the impact of a disaster, but an active strategy to give you the peace of mind needed to focus on what matters most: growing your business

If you would like more information on how our team of experts can help you, let’s talk.

Stay tuned

Next week we will further define the types of crises that disrupt organizations. 

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

risk-takers #08. The State of Security – SPECIAL EPISODE

By Chesley Brown | September 22, 2020

2020 has been a year full of change. In this week’s special episode Brent sits down with Vice Presidents Bryan Taylor, Josh Noland and Max Briggs for a lively discussion on the current state of security. The team discusses current trends affecting business owners, law enforcement, and employees and what to expect in the future. They also discuss how companies can help employees adjusting to the new norm. This is an enlightening conversation, where you’re sure to learn something new.

Read More

Podcast | Risk Takers Series #08. The State of Security – SPECIAL EPISODE

By Chesley Brown | September 22, 2020

2020 has been a year full of change. In this week’s special episode Brent sits down with Vice Presidents Bryan Taylor, Josh Noland and Max Briggs for a lively discussion on the current state of…

Read More
Business COntinuity Plan Illustration

What is Business Continuity?

By Chesley Brown | September 1, 2020

Before completely rewriting your Business Continuity Plan, it helps to understand the fundamentals of business continuity. I put together the following FAQ to give you a better understanding of the underlying information and provide a…

Read More

risk-takers #07 Jack Barsky – Former KGB Spy

By Chesley Brown | August 25, 2020

As part of our on going conversation around corporate espionage, we decided to sit down with a real KGB spy for some insider knowledge. In this week’s episode, Brent sits down with author and former KGB spy Jack Barsky to discuss the growing threat of corporate espionage, how bad actors can access a company’s most valuable secrets, and how that information gets used. This is one of the most fascinating episodes of the season, so tune in! You’re sure to learn a lot.

Read More

Podcast | Risk Takers Series #07 Jack Barsky – Former KGB Spy

By Chesley Brown | August 25, 2020

As part of our on going conversation around corporate espionage, we decided to sit down with a real KGB spy for some insider knowledge. In this week’s episode, Brent sits down with author and former…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work