The Anatomy of a Crisis Management Plan

4 key strategies to protect your business against risk

By Justin Hayes

No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses fail after natural disasters. Yet, only half of all businesses have a crisis management plan in place. 

This is surprising, given that a crisis management plan:

  • Optimizes public relations, ensuring that your organization’s reputation remains untarnished in the eyes of customers and business associates.
  • Enhances safety and security for your customers, employees, and shareholders.
  • Increases efficiency and effectiveness in the midst of an unexpected disruption by defining roles and procedures.
  • Improves outcomes, of all companies without a recovery plan, 93% fail within one year of a crisis.

We understand that crisis planning seems overwhelming. There are so many questions to answer: What are the signs? Who are the key players? How can I respond effectively?  

Luckily, with a few tested strategies, you can take positive steps toward protecting your business. 

Let’s begin by defining a crisis.

What is a business crisis?

Two prominent features distinguish a crisis from everyday disruptions in business continuity. A crisis is:

  • Unpredictable – Regular disruptions in the flow of business systems are par for the course. Crises, on the other hand, are unpredictable, resulting from internal or external disturbances.  
  • Broad in scope – A crisis typically disrupts multiple systems and can significantly damage an organization’s assets, image or both. For instance, the 2010 BP oil spill resulted in the loss of billions of dollars in revenue due to damaged infrastructure, product loss and legal fees, in addition to permanent damage to the company’s reputation. 

A crisis demands a proactive approach—a well orchestrated response based on limited information within a short window of time. 

What is a crisis management plan?

A crisis management plan is a series of actionable steps followed in the event of an unexpected and potentially disruptive situation—ensuring that your company is positioned to respond effectively and efficiently before a crisis strikes.

Four steps of building a crisis management plan:

1. Identify Threats

When assessing potential threats to your organization, consider the following variables:

  • Geographic Location – Are your physical locations threatened by natural disasters, extreme weather, or a harsh climate?
  • Crime Statistics in Area – Is your business threatened by theft or property destruction? Are your customers or employees vulnerable to physical assault?
  • Business Format – Does your business have a prominent web presence? Are you susceptible to cyber attacks?
  • Customer Demographics – Are your customers sensitive to messaging? How can you position your brand to resist public relations mistakes?

After carefully considering these variables, you are in a position to identify a list of threats to your organization. For instance, consider a software company headquartered in San Francisco, California. Due to its geographic location, the organization faces the threat of natural disasters, including wildfires and earthquakes. Crime statistics indicate that the organization is susceptible to theft and vandalism. As a software company, the organization stores customer data on a server, thus, cyber attacks are imminent. Finally, spokespeople should prepare to address male millennials, the company’s largest demographic, in the event of a public relations crisis. 

After considering organizational vulnerabilities, it’s helpful to identify the most pressing risks. Begin by understanding the 6 Pillars of Risk Management:

  1. Hazard and Event Risk – How resilient is your firm during and after a serious incident? How well are you able to recover and what impact would such an event have on your day-to-day operations?
  1. Operational and Physical Risk – What countermeasures can be deployed to reduce the likelihood of an incident? Is your organization adequately prepared to meet the challenges a security incident might present?
  1. Technological and IT Risk – are the proper controls in place to fully protect your digital infrastructure? How insulated is your organization from threats to your intellectual property? Do you have the proper legal backing to fight these issues in court?
  1. Market and Economic Risk – How secure is your company’s strategy from outside threats? Do you have a plan to not only protect people and things, but also fight counterfeiting or fraudulent activity?
  1. Environmental and Regional Risk – How would your operations be impacted in the event of a natural disaster like a hurricane or flood? Do your employees know the proper evacuation procedures?
  1. Emergency Preparedness and Training – Do you have a plan in place for an active shooter, bomb threat, or other emergency situation? What impact would that event have on your bottom line?

It’s time to put your plan into action.

2. Make a Playbook

After documenting potential threats to your organization, you are in a position to design a playbook. Begin by evaluating the threats you’ve identified and determining the most effective response. Your response will fall into one of the following categories:

  • Responsive – A responsive plan involves adapting a previously implemented strategy to address a new but similar crisis. For example, if your company previously launched a successful public relations campaign following a social media crisis, the same strategy can be used in a future PR crisis. 
  • Proactive – A proactive plan involves anticipating potential crises and creating contingencies for each potentiality. For example, if your company maintains a database of customer information, you might plan for the occurrence of a data breach.
  • Recovery – A recovery plan involves responding to an unforeseen event. As much as you would like to be able to predict all potential crises, there are some things we can’t plan for. For example, you didn’t plan for a global pandemic to happen in 2020, but you can still position your company to respond effectively to the unexpected.

Regardless of whether or not you anticipate a crisis, you must position yourself to respond efficiently and effectively. The first step is to create a playbook based on one of the three types of responses discussed. 

3. Identify Key Players

Next, decide who your key players are. These can be people inside of your company, including executives, HR representatives, or marketers. It is equally important to include outside consultants who possess an expertise in managing crises. Finally, you may require legal professionals, healthcare professionals, and first responders.

Once you’ve assembled your team, ensure that each member is aware of their role in the event of a crisis. This brings us to the final stage of developing a crisis management plan.

4. Train All Parties

Your team has been assembled, and each member understands his or her role. It’s time to train your team. This process involves a multi-tiered approach. Give materials to each team member, describing the expectations, procedures, and responsibilities associated with their role. Additionally, meet regularly with your team to plan and brainstorm ways to respond to the most likely disruptions. Finally, distribute materials and train all parties involved, including employees, to ensure a well-orchestrated response.

Take control of your company’s future. 

Many business leaders struggle to grasp the myriad risks that threaten their organization. But it’s not for lack of imagination. The fact of the matter is that planning a comprehensive crisis management strategy can be a complicated and time-consuming process, but it doesn’t have to be. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.

Even large and profitable organizations can be upended by the unexpected. A crisis management plan is not a passive assumption that your organization can absorb the impact of a disaster, but an active strategy to give you the peace of mind needed to focus on what matters most: growing your business

If you would like more information on how our team of experts can help you, let’s talk.

Stay tuned

Next week we will further define the types of crises that disrupt organizations. 

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

Podcast | Risk Takers Series #05 Corporate Counterespionage

By Chesley Brown | August 4, 2020

Its not always the stuff of cold war spy novels but corporate or economic espionage continues to affect businesses all over the world both large and small at an exponential rate. It seems like there’s…

Read More

risk-takers #04 Brad Orsini – Community-based Security

By Chesley Brown | July 28, 2020

Visiting our places of worship shouldn’t be dangerous. Unfortunately, faith-based organizations are facing the difficult challenge of how to protect their congregations from religion-motivated violence, and still maintain the welcoming, open environment community members expect.

In this week’s episode Brent calls up Bradley Orsini, the Senior National Security Advisor of the Secure Community Network, the official safety and security organization of the Jewish community in North America to discuss these issues, lessons learned from the mass shooting at the Tree of Life Synagogue, and the most effective strategies faith-based organizations can use to protect their congregations.

Read More

Podcast | Risk Takers Series #04 Brad Orsini – Community-based Security

By Chesley Brown | July 28, 2020

Visiting our places of worship shouldn’t be dangerous. Unfortunately, faith-based organizations are facing the difficult challenge of how to protect their congregations from religion-motivated violence, and still maintain the welcoming, open environment community members expect.…

Read More

risk-takers #3 Surveillance Detection Routes (SDR)

By Chesley Brown | July 21, 2020

Have you ever had a gut feeling you were being followed? You might not be so crazy after all. It’s a frightening thought. You’ve spent years building your business, but all it takes is one bad day to compromise that dream. In this week’s episode Brent sits down with FBI Special Agent (Ret.) Dell Spry to discuss surveillance detection routes, what they are, and how they can be used as a spy detector device to find out if you are under surveillance.

Read More

Podcast | Risk Takers Series #3 Surveillance Detection Routes (SDR)

By Chesley Brown | July 21, 2020

Have you ever had a gut feeling you were being followed? You might not be so crazy after all. It’s a frightening thought. You’ve spent years building your business, but all it takes is one…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work