The Anatomy of a Crisis Management Plan

4 key strategies to protect your business against risk

By Justin Hayes

No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses fail after natural disasters. Yet, only half of all businesses have a crisis management plan in place. 

This is surprising, given that a crisis management plan:

  • Optimizes public relations, ensuring that your organization’s reputation remains untarnished in the eyes of customers and business associates.
  • Enhances safety and security for your customers, employees, and shareholders.
  • Increases efficiency and effectiveness in the midst of an unexpected disruption by defining roles and procedures.
  • Improves outcomes, of all companies without a recovery plan, 93% fail within one year of a crisis.

We understand that crisis planning seems overwhelming. There are so many questions to answer: What are the signs? Who are the key players? How can I respond effectively?  

Luckily, with a few tested strategies, you can take positive steps toward protecting your business. 

Let’s begin by defining a crisis.

What is a business crisis?

Two prominent features distinguish a crisis from everyday disruptions in business continuity. A crisis is:

  • Unpredictable – Regular disruptions in the flow of business systems are par for the course. Crises, on the other hand, are unpredictable, resulting from internal or external disturbances.  
  • Broad in scope – A crisis typically disrupts multiple systems and can significantly damage an organization’s assets, image or both. For instance, the 2010 BP oil spill resulted in the loss of billions of dollars in revenue due to damaged infrastructure, product loss and legal fees, in addition to permanent damage to the company’s reputation. 

A crisis demands a proactive approach—a well orchestrated response based on limited information within a short window of time. 

What is a crisis management plan?

A crisis management plan is a series of actionable steps followed in the event of an unexpected and potentially disruptive situation—ensuring that your company is positioned to respond effectively and efficiently before a crisis strikes.

Four steps of building a crisis management plan:

1. Identify Threats

When assessing potential threats to your organization, consider the following variables:

  • Geographic Location – Are your physical locations threatened by natural disasters, extreme weather, or a harsh climate?
  • Crime Statistics in Area – Is your business threatened by theft or property destruction? Are your customers or employees vulnerable to physical assault?
  • Business Format – Does your business have a prominent web presence? Are you susceptible to cyber attacks?
  • Customer Demographics – Are your customers sensitive to messaging? How can you position your brand to resist public relations mistakes?

After carefully considering these variables, you are in a position to identify a list of threats to your organization. For instance, consider a software company headquartered in San Francisco, California. Due to its geographic location, the organization faces the threat of natural disasters, including wildfires and earthquakes. Crime statistics indicate that the organization is susceptible to theft and vandalism. As a software company, the organization stores customer data on a server, thus, cyber attacks are imminent. Finally, spokespeople should prepare to address male millennials, the company’s largest demographic, in the event of a public relations crisis. 

After considering organizational vulnerabilities, it’s helpful to identify the most pressing risks. Begin by understanding the 6 Pillars of Risk Management:

  1. Hazard and Event Risk – How resilient is your firm during and after a serious incident? How well are you able to recover and what impact would such an event have on your day-to-day operations?
  1. Operational and Physical Risk – What countermeasures can be deployed to reduce the likelihood of an incident? Is your organization adequately prepared to meet the challenges a security incident might present?
  1. Technological and IT Risk – are the proper controls in place to fully protect your digital infrastructure? How insulated is your organization from threats to your intellectual property? Do you have the proper legal backing to fight these issues in court?
  1. Market and Economic Risk – How secure is your company’s strategy from outside threats? Do you have a plan to not only protect people and things, but also fight counterfeiting or fraudulent activity?
  1. Environmental and Regional Risk – How would your operations be impacted in the event of a natural disaster like a hurricane or flood? Do your employees know the proper evacuation procedures?
  1. Emergency Preparedness and Training – Do you have a plan in place for an active shooter, bomb threat, or other emergency situation? What impact would that event have on your bottom line?

It’s time to put your plan into action.

2. Make a Playbook

After documenting potential threats to your organization, you are in a position to design a playbook. Begin by evaluating the threats you’ve identified and determining the most effective response. Your response will fall into one of the following categories:

  • Responsive – A responsive plan involves adapting a previously implemented strategy to address a new but similar crisis. For example, if your company previously launched a successful public relations campaign following a social media crisis, the same strategy can be used in a future PR crisis. 
  • Proactive – A proactive plan involves anticipating potential crises and creating contingencies for each potentiality. For example, if your company maintains a database of customer information, you might plan for the occurrence of a data breach.
  • Recovery – A recovery plan involves responding to an unforeseen event. As much as you would like to be able to predict all potential crises, there are some things we can’t plan for. For example, you didn’t plan for a global pandemic to happen in 2020, but you can still position your company to respond effectively to the unexpected.

Regardless of whether or not you anticipate a crisis, you must position yourself to respond efficiently and effectively. The first step is to create a playbook based on one of the three types of responses discussed. 

3. Identify Key Players

Next, decide who your key players are. These can be people inside of your company, including executives, HR representatives, or marketers. It is equally important to include outside consultants who possess an expertise in managing crises. Finally, you may require legal professionals, healthcare professionals, and first responders.

Once you’ve assembled your team, ensure that each member is aware of their role in the event of a crisis. This brings us to the final stage of developing a crisis management plan.

4. Train All Parties

Your team has been assembled, and each member understands his or her role. It’s time to train your team. This process involves a multi-tiered approach. Give materials to each team member, describing the expectations, procedures, and responsibilities associated with their role. Additionally, meet regularly with your team to plan and brainstorm ways to respond to the most likely disruptions. Finally, distribute materials and train all parties involved, including employees, to ensure a well-orchestrated response.

Take control of your company’s future. 

Many business leaders struggle to grasp the myriad risks that threaten their organization. But it’s not for lack of imagination. The fact of the matter is that planning a comprehensive crisis management strategy can be a complicated and time-consuming process, but it doesn’t have to be. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis.

Even large and profitable organizations can be upended by the unexpected. A crisis management plan is not a passive assumption that your organization can absorb the impact of a disaster, but an active strategy to give you the peace of mind needed to focus on what matters most: growing your business

If you would like more information on how our team of experts can help you, let’s talk.

Stay tuned

Next week we will further define the types of crises that disrupt organizations. 

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

DHS and Canada Team up for First Responders

By Chesley Brown | July 27, 2018

DHS and Canada Team Up to Develop Resources for First Responders From Chesley Brown International Risk Management [dpArticleShare] Artificial Intelligence Meets Boots on the Ground to Improve Patient Outcomes The United States and Canada have…

Read More
preventing economic espionage, trade secret theft and intellectual property theft

Supreme Court Decision Regarding the Privacy of Digital Data

By Chesley Brown | July 2, 2018

Supreme Court Decision Personal Rights and the Expectation of Privacy in the Digital Age From Chesley Brown International Risk Management [dpArticleShare] In Major Privacy Case, Court Rules Law Enforcement Must Obtain Warrant To Track Cellphone…

Read More

The Evolution of School Security

By Chesley Brown | June 19, 2018

Special E-Brief June 2018 In the current climate of school shootings, we have anguished over the potentials that may follow the ongoing rise in active shooter and other critical events in schools everywhere. There is…

Read More

Threats Our Kids Face Online

By Chesley Brown | May 14, 2018

Protecting Our Children Against Online Threats Teaching our kids to be wary online Chesley Brown E-Brief May 2018 From Chesley Brown International Risk Management [dpArticleShare] Cyber bullying and cyber-predators are real online threats to our…

Read More
risk management

10 Steps for Developing An Emergency Response Plan

By Chesley Brown | April 9, 2018

The Property Manager’s Guide to Risk Management From Chesley Brown International Bomb Threats and Suspicious Packages The recent bombing incidents in and around Austin, Texas serve as an unfortunate reminder that those responsible for all…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work