Understandingthe Value of CrisisManagement Planning:An Introductory Guide

Crises are growing in number and intensity

The incidence of crisis continues to grow. In 2017, the Institute for Crisis Management tracked over 800,000 crises, a net 25 percent increase over the year beforeⁱ. Of course, those figures might actually understate the number of active crises. Not all crises make it into the media: for every Hurricane Harvey or Cambridge Analytica scandal, countless other crises go unreported, especially those that hit startups or SMEs.

In 2017, the Institute for Crisis Management tracked over 800,000 crises, a net 25% increase over the year beforeⁱ

According to a recently released Deloitte study, “Stronger, fitter, better: Crisis management for the resilient enterprise”, 60 percent of over 500 senior crisis management, business continuity, and risk executives said that their firms face more crises (both in number and intensity) today than they did ten years agoⁱⁱ. In addition, 80 percent of those respondents have had to mobilize their crisis management teams at least once in the past two years.

• Firms face more crises today than they did ten years agoⁱⁱ

Senior executives appear to have gotten the message. Nearly 80 percent of business leaders polled in an ODM Group survey said they believed their companies were only a year away from a potential crisisⁱⁱⁱ. These results are all proof positive that we are living in unstable times, not just in politics, but also for markets and businesses selling their goods on those markets. Companies can no longer afford to wait for crisis to wash up on their doorstep. For one, the financial toll can be devastating. A cost of downtime survey indicated that a majority of businesses thought that a single hour of downtime could cost them anywhere from $51,000 to over $1,000,000^iv. And the average time to restore availability of critical information systems: nine to twelve hours^v.

80% of business leaders polled said they believed their companies were only a year away from a potential crisisⁱⁱⁱ

A temporary work stoppage isn’t exactly the worst crisis scenario either. According to the U.S. Federal Emergency Management Agency (FEMA), anywhere between 40 to 60 percent of small businesses in the U.S. actually close following a natural disaster, an increasingly more common kind of corporate crisis^vi.

• Between 40 to 60% of small businesses in the U.S. close following a natural disaster^vi

Planning only when critical issues become crises tends to militate against the effectiveness of the response effort. By then, the issue might already be garnering outsized, outside attention on social and/or traditional media channels. Diverse stakeholders will be clamoring for immediate action. Crisis management teams will barely have enough time to revisit old plans, let alone build new ones from scratch.

Too few companies are planning for crisis

Despite the demonstrable increase in crisis frequency and the significant financial and reputational toll of crisis, organizations’ confidence in their ability to respond to crisis far exceeds their level of preparedness^vii. More specifically, 90 percent of organizations are confident in their crisis management capabilities, but only 17 percent of organizations have actually performed the simulation exercises that would suggest they are actually prepared for crisis. The same holds for specific incident scenarios. Some 70 percent of organizations were confident in their ability to manage a product recall. Yet only 22 percent had performed the appropriate simulations^viii.

70% of organizations were confident in their ability to manage a product recall. Yet only 22% had performed the appropriate simulations^viii

When it comes to preparing crisis communications, companies aren’t faring much better either. A 2016 Nasdaq public relations services study found that a majority of corporate communicators surveyed said that their company either lacked a crisis communications playbook (48 percent) or were unsure of whether they had one (12 percent)^ix.

When looking at the specific measures organizations should take to prepare communications for crisis, the picture only got worse. A full 60 percent of organizations fail to role-play or were unsure if they did. Fewer than half (48 percent) used a media monitoring platform. And a paltry 24 percent of respondents said that their CEOs and other spokespeople received yearly media training.

Crisis management planning: a primer

The preponderance of the evidence is frankly disturbing. While companies understand the likelihood of crisis, they, by in large, aren’t actively planning for crisis, by taking the steps and performing the activities they need to before crisis strikes^x.

So what should companies be doing? Here, of course, we enter the realm of crisis management planning, or proactively assessing and addressing vulnerabilities to avoid or minimize the impact of crises. One way to think of crisis management planning (and plans) is as the set of processes that crisis management teams (in coordination with other, relevant business units) put in place before a crisis strikes to manage the effects of disruptive incidents.

The plans themselves should deal with a number of contingencies and scenarios, especially those most likely to occur in your line of work (e.g. a data breach at a digital retailer). In terms of the most common crises, the Deloitte study finds that cyber and safety incidents top the list^xi. Other likely disruptions include environmental disasters, reputational threats, leadership or governance failures, liquidity or capital problems, etc^xii.

As to what should be in your plan, the typical crisis management plan will incorporate emergency response, crisis communications, as well as the steps crisis management teams should take to trigger an official crisis. In the words of crisis management expert, Jonathan Bernstein:

The content of the [crisis management] plan evolves from the information you gathered in steps 1 and 2, above [reverse-engineering your industry’s crises and conducting a vulnerability audit]. It contains sections on operational response, communications response, and how the respective teams responsible for those two components will coordinate with each other. And it fully integrates the use of all media for communication — traditional and social, high-tech and low-tech.

If you’re asking who should be involved, the short answer is everyone. Your entire staff will have to be involved in crisis recovery, so it’s important that they are all prepared and understand the roles they’ll play. Of course, some teams will be more involved than others in planning for certain types of disturbances. But even then, keeping everyone in the firm apprised of how to continue business processes in the event of a crisis is also critically important.

The benefits of crisis management planning

If this all sounds intuitive, the question is, why do so few companies adequately plan for crisis? For one, it seems like the companies that experience crisis then become the ones most eager to avoid crisis in the future. Again, according to Deloitte, nearly 90 percent of firms conducted reviews, mostly internal, following a crisis. Those post-mortems tend to reveal that crises, while unforeseen, could have been avoided^xiii. In other words, businesses are less motivated by the fear of a potential bcrisis than they are by preventing a repeat of a crisis.

Those findings also dovetail with what we know about crisis management planning in the U.S. specifically. In the U.S., the 9/11 terror attacks proved a pivotal moment for getting companies to start planning for disaster. Before the attacks, only 30 percent of the Fortune 500 had crisis management plans. Two years later, that number had ballooned to 64 percent^xiv.

Another common refrain one hears is that you can’t plan for every conceivable crisis; the implication being that you shouldn’t plan at all. That’s simply untrue. Again, Bernstein puts it best, companies should plan “to create a system for getting the needed resources – human or other – to the right place, for a specific purpose, as quickly as possible so it can be adapted ‘on the fly’ to changing circumstance [sic] – to include the procedures and messaging”^xv.

The benefit of crisis management planning is not just that your organization will be better equipped to effectively respond to specific incidents but also that in planning, you identify other potential threats and are able to game out the tasks, communications, and information you’ll need in the crisis response and recovery stages. Furthermore, planning creates better outcomes, partly because it tamps down on some of the stress you’ll surely experience in the midst of an active crisis.

While securing better peace of mind is a crucial (oftundervalued) benefit of crisis management planning, there are many, many others. The importance of crisis management planning is similar to the importance of crisis management (more broadly). And like crisis management, crisis management planning fundamentally helps firms increase the well-being of their employees and the safety of the public at large. For instance, businesses sitting on a stockpile of hazardous materials (inadvertently or not) would be foolish not to prepare contingency plans for accidental leaks or contaminations, which would put masses of employees and others in danger.

If anything, diligent crisis management planning (especially for likely scenarios) helps firms mitigate potential legal exposure, both to the organization as a whole as well as to individual stakeholders. In a similar vein, planning measures might actually be legally mandated for certain businesses and/or in certain industries. Businesses who forgo planning unfortunately open themselves up to the threat of fines and penalties from regulators, in addition to the potential loss of revenue from not adequately preparing to deal with the crisis in the first place.

Earlier, we mentioned that when crises shut down operations even for a few hours, companies lose money. The same logic applies to companies who fail to prepare. Effective crisis planning and crisis response go hand in hand; they both can minimize downtime and increase productivity. Just remember: when employees aren’t able to work, they, by definition, can’t be productive.

Finally, one of the greatest incentives to plan, especially your crisis communications, is to avoid furthering reputational damage. Imagine the reputational damage of being hauled before Congress and having to answer for why your company didn’t plan for a likely scenario in your industry

For context: already, 70 percent of board members said it took their organizations up to three years to recover reputation following a crisis^xvi. Sixteen percent said it took four years or more. And post-crisis, there is an 80 percent chance of a company losing at least twenty percent of its value in any single month, in a given five-year period^xvii. That should give you an idea of the potential revenue loss associated with reputational crisis – now just layer in an admission of poor planning and foresight.

Finally, crisis management planning doesn’t end with the plans and playbooks either. It’s not unusual for companies to prepare elaborate crisis and emergency plans, only to let them sit on the shelf, untested, collecting dust. Training is crucial. It not only better prepares your teams for crisis, it also exposes some of the flaws in your planning assumptions in a lower-stakes scenario, both of which are extremely valuable.

Businesses have to start somewhere. The crisis threat is here to stay. And by every indication, it’s only getting worse. It’s no longer enough for companies to acknowledge the need for crisis management. Business leaders need to spearhead the development of robust crisis management plans.

Citations

i Deborah Hileman, Institute for Crisis Management: ICM Annual Crisis Report. Available at https://crisisconsultant.com/wp-content/uploads/2014/11/ICM-Annual-Crisis-Report-for-2017.Issued-April-17_2018_print.pdf.

ii Peter Dent, Roda Woo, and Rick Cudworth, Deloitte Insight: Stronger, fitter, better: Crisis management for the resilient enterprise.

iii Alchemy: Avoid Crisis Nightmares – Identify Gaps & Strengthen Your Response Plan. https://www.alchemysystems.com/webinars/avoidcrisisnightmares-identify-gaps-strengthen-your-responseplan/?submissionGuid=7bf16256-4c14-4a70-8867 d371f65192fe.

iv Eduardo Gelbstein: Crossing the Executive Digital Divide.

v Why You Need a Workplace Contingency. Available at: https://www.tasanet.com/Knowledge-Center/Articles/ArtMID/477/ArticleID/1251109/WhyYou-Need-a-Workplace-Contingency-Plan.

vi Chris Morris, CNBC: Hurricane alert: 40 percent of small businesses never recover from a disaster. Available at https://www.cnbc.com/2017/09/16/hurricane-watch-40-percentof-small-businesses-dont-reopen-after-a-disaster.html.

vii Ibid.

viii Ibid.

ix Seth Arenstein, PR News. PR News/Nasdaq Survey: Nearly Half of Organizations Shun Crisis Preparation. Available at http://www.prnewsonline.com/pr-newsnasdaq-surveynearly-half-organizations-shun-crisis-preparation/.

x Michelle G. Hough and John Spillan, Journal of Business & Economics Research: Crisis Planning: Increasing Effectiveness, Decreasing Discomfort.Available at https://www.researchgate.net/publication/242581268_Crisis_Planning_Increasing_Effectiveness_Decreasing_Discomfort.

xi Peter Dent, Roda Woo, and Rick Cudworth, Deloitte Insight: Stronger, fitter, better: Crisis management for the resilient enterprise.

xii Jonathan Bernstein, Bernstein Crisis Management: The 10 Steps of Crisis Prevention. Available at https://www.bernsteincrisismanagement.com/10-steps-crisis-prevention/.

xiii Peter Dent, Roda Woo, and Rick Cudworth, Deloitte Insight: Stronger, fitter, better: Crisis management for the resilient enterprise.

xiv Michelle G. Hough and John Spillan, Journal of Business & Economics Research: Crisis Planning: Increasing Effectiveness, Decreasing Discomfort.Available at https://www.researchgate.net/publication/242581268_Crisis_Planning_Increasing_Effectiveness_Decreasing_Discomfort.

xv Jonathan Bernstein, Bernstein Crisis Management: The 10 Steps of Crisis Prevention. Available at https://www.bernsteincrisismanagement.com/10-steps-crisis-prevention/.

xvi Deloitte and Forbes: A crisis of confidence. Available at https://www2.deloitte.com/global/en/pages/risk/articles/acrisis-of-confidence.html.

xvii Oxford Metrica: Reputation Review 2012. Available at http://www.aon.com/attachments/risk-services/Aon-OMReputation-Review-2012.pdf