Crises are increasing in kind. But it’s not certain that organizations have appreciated the full implications. At least, many have yet to put in place the processes needed to deliver end-to-end crisis and incident management.
What would those be? In this article, we lay out the three pillars of crisis management.
The importance of mobilizing crisis management teams
Indeed, crises are becoming more prolific across a variety of data points. However, the one that is most resonant to organizations is the number of crisis management team activations they’ve had recently.
According to the latest BCI Crisis Management Report, a staggering 75% of companies activated their crisis management team over the past twelve months.
What’s more, drivers of crisis activation are becoming increasingly diverse. A little less than 40% of the activations were extreme weather related. More than a quarter were related to third-party failures or cyber-attacks, though, demonstrating the increasing complexity of the threat environment.
Building a crisis resilient organization
To be sure, having a crisis management team that can rapidly and efficiently mobilize to orchestrate a response to these threats is becoming increasingly important to maintaining resilience. But building a crisis-resilient organization requires more than just a crisis management team.
What else does it take? According to the rubric created by Economist Impact, here is the three-pronged approach to crisis management:
1. Governance on crisis management
Governance has to belong to senior leadership, whether that’s the Board of Directors or C-suite. These senior leaders must understand the full cost (direct and indirect) of potential crisis events. They must develop crisis management priorities based on these estimates and clearly communicate the resultant vision for risk and resilience to the whole organization.
A robust risk culture is needed to encourage accountability across all functions and at all levels of the organization for identifying and escalating red flags in a timely fashion.
2. Preventing crisis events
Assets and resources matter. Organizations need to invest in resilience-enhancing tools and systems, including crisis management software, that allow timely and thorough identification of crisis drivers and analyze their impacts.
The best insights come from previous crises. So, it’s imperative to close the learning loop on past crises by conducting crisis simulation activities and drills based on those events. Based on these findings, organizations can then identify preparedness gaps and update their crisis management strategy.
Organizations must also look beyond their direct operations to engage with strategic partners and strengthen their preparedness for a variety of crisis scenarios.
3. Responding to crisis events
The crisis management plan will likely be the single most important resilience-enhancing document. The plan, as such, must be regularly updated to address a variety of internal and external high-impact crises to contain the knock-on effects of an event.
What goes in it? The crisis management plan should lay out an organization’s immediate crisis response, outline the roles and responsibilities of different business functions and key personnel, and identify growth opportunities under different scenarios. We’ve noted the importance of response teams in dealing with the upsurge of activations; organizations should therefore create and empower a well-rounded crisis response team, consisting of both internal and external consultants and counsel to help manage crisis response.
Finally, organizations should also build a crisis communication strategy— for internal audiences and external stakeholders—that can deliver real-time responses to minimize damage, build awareness, and mobilize support. That strategy should be codified in the crisis communication plan, which is often an annex within the larger crisis management plan.
In close, companies are facing more crises than ever before, creating the need for more resilient organizations. How else to build resilience-enhancing capabilities at your organization? ISO 22316, the international standard for business resilience, should help. Check out our Executive’s Guide to ISO 22316 to learn what it’s all about.
.svg)
.svg)
.svg)