4 key strategies to protect your business against risk
By Justin Hayes
No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses fail after natural disasters. Yet, only half of all businesses have a crisis management plan in place.
This is surprising, given that a crisis management plan:
- Optimizes public relations, ensuring that your organization’s reputation remains untarnished in the eyes of customers and business associates.
- Enhances safety and security for your customers, employees, and shareholders.
- Increases efficiency and effectiveness in the midst of an unexpected disruption by defining roles and procedures.
- Improves outcomes, of all companies without a recovery plan, 93% fail within one year of a crisis.
We understand that crisis planning seems overwhelming. There are so many questions to answer: What are the signs? Who are the key players? How can I respond effectively?
Luckily, with a few tested strategies, you can take positive steps toward protecting your business.
Let’s begin by defining a crisis.
What is a business crisis?
Two prominent features distinguish a crisis from everyday disruptions in business continuity. A crisis is:
- Unpredictable – Regular disruptions in the flow of business systems are par for the course. Crises, on the other hand, are unpredictable, resulting from internal or external disturbances.
- Broad in scope – A crisis typically disrupts multiple systems and can significantly damage an organization’s assets, image or both. For instance, the 2010 BP oil spill resulted in the loss of billions of dollars in revenue due to damaged infrastructure, product loss and legal fees, in addition to permanent damage to the company’s reputation.
A crisis demands a proactive approach—a well orchestrated response based on limited information within a short window of time.
What is a crisis management plan?
A crisis management plan is a series of actionable steps followed in the event of an unexpected and potentially disruptive situation—ensuring that your company is positioned to respond effectively and efficiently before a crisis strikes.
Four steps of building a crisis management plan:
1. Identify Threats
When assessing potential threats to your organization, consider the following variables:
- Geographic Location – Are your physical locations threatened by natural disasters, extreme weather, or a harsh climate?
- Crime Statistics in Area – Is your business threatened by theft or property destruction? Are your customers or employees vulnerable to physical assault?
- Business Format – Does your business have a prominent web presence? Are you susceptible to cyber attacks?
- Customer Demographics – Are your customers sensitive to messaging? How can you position your brand to resist public relations mistakes?
After carefully considering these variables, you are in a position to identify a list of threats to your organization. For instance, consider a software company headquartered in San Francisco, California. Due to its geographic location, the organization faces the threat of natural disasters, including wildfires and earthquakes. Crime statistics indicate that the organization is susceptible to theft and vandalism. As a software company, the organization stores customer data on a server, thus, cyber attacks are imminent. Finally, spokespeople should prepare to address male millennials, the company’s largest demographic, in the event of a public relations crisis.
After considering organizational vulnerabilities, it’s helpful to identify the most pressing risks. Begin by understanding the 6 Pillars of Risk Management:
- Hazard and Event Risk – How resilient is your firm during and after a serious incident? How well are you able to recover and what impact would such an event have on your day-to-day operations?
- Operational and Physical Risk – What countermeasures can be deployed to reduce the likelihood of an incident? Is your organization adequately prepared to meet the challenges a security incident might present?
- Technological and IT Risk – are the proper controls in place to fully protect your digital infrastructure? How insulated is your organization from threats to your intellectual property? Do you have the proper legal backing to fight these issues in court?
- Market and Economic Risk – How secure is your company’s strategy from outside threats? Do you have a plan to not only protect people and things, but also fight counterfeiting or fraudulent activity?
- Environmental and Regional Risk – How would your operations be impacted in the event of a natural disaster like a hurricane or flood? Do your employees know the proper evacuation procedures?
- Emergency Preparedness and Training – Do you have a plan in place for an active shooter, bomb threat, or other emergency situation? What impact would that event have on your bottom line?
It’s time to put your plan into action.
2. Make a Playbook
After documenting potential threats to your organization, you are in a position to design a playbook. Begin by evaluating the threats you’ve identified and determining the most effective response. Your response will fall into one of the following categories:
- Responsive – A responsive plan involves adapting a previously implemented strategy to address a new but similar crisis. For example, if your company previously launched a successful public relations campaign following a social media crisis, the same strategy can be used in a future PR crisis.
- Proactive – A proactive plan involves anticipating potential crises and creating contingencies for each potentiality. For example, if your company maintains a database of customer information, you might plan for the occurrence of a data breach.
- Recovery – A recovery plan involves responding to an unforeseen event. As much as you would like to be able to predict all potential crises, there are some things we can’t plan for. For example, you didn’t plan for a global pandemic to happen in 2020, but you can still position your company to respond effectively to the unexpected.
Regardless of whether or not you anticipate a crisis, you must position yourself to respond efficiently and effectively. The first step is to create a playbook based on one of the three types of responses discussed.
3. Identify Key Players
Next, decide who your key players are. These can be people inside of your company, including executives, HR representatives, or marketers. It is equally important to include outside consultants who possess an expertise in managing crises. Finally, you may require legal professionals, healthcare professionals, and first responders.
Once you’ve assembled your team, ensure that each member is aware of their role in the event of a crisis. This brings us to the final stage of developing a crisis management plan.
4. Train All Parties
Your team has been assembled, and each member understands his or her role. It’s time to train your team. This process involves a multi-tiered approach. Give materials to each team member, describing the expectations, procedures, and responsibilities associated with their role. Additionally, meet regularly with your team to plan and brainstorm ways to respond to the most likely disruptions. Finally, distribute materials and train all parties involved, including employees, to ensure a well-orchestrated response.
Take control of your company’s future.
Many business leaders struggle to grasp the myriad risks that threaten their organization. But it’s not for lack of imagination. The fact of the matter is that planning a comprehensive crisis management strategy can be a complicated and time-consuming process, but it doesn’t have to be. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.
Even large and profitable organizations can be upended by the unexpected. A crisis management plan is not a passive assumption that your organization can absorb the impact of a disaster, but an active strategy to give you the peace of mind needed to focus on what matters most: growing your business.
If you would like more information on how our team of experts can help you, let’s talk.
Next week we will further define the types of crises that disrupt organizations.
For industry-leading guides and analysis sign up for our blog below.
How to Respond to a Whistleblower’s Report
In theory, it should be a good thing when employees come forward with a whistleblower report. They’ve spotted a threat to your organization and are giving you the insight you need to address the problem…Read More
The First Steps for Conducting Internal Investigations
Written by: James Hart When the call finally came, Raquel Henderson lunged for the phone on her desk. Henderson was less than three months into her job as the HR director for a midsize family…Read More
Theft of Trade Secrets: How to Prevent the Loss of Key Intellectual Property
Written by: James Hart The names have been changed, but the following story is a compilation of real situations faced by real businesses. Doug Medford had never considered himself paranoid. But there were too many…Read More
How to Prepare for a Cyberwar
Written by: Dell Spry At Chesley Brown, nothing is more sacrosanct than the safety and security of our clients. It is our intention to keep you educated, updated, and informed as world events continue to…Read More
How the Events of September 11th Have Impacted National Security
How Has National Security Evolved Since September 11th, 2001? Written by: Dell Spry As I sit and write this paper, Afghanistan is collapsing. It is not my intention to point the finger at anyone and…Read More