Crises are Inevitable
The probability of your business being struck by a highly threatening, unforeseen event is greater than it has ever been.
A PwC survey of 164 chief executives around the world showed that 65 percent had experienced at least one crisis since 2013 and 15 percent had experienced five or more.
Around 40% of those surveyed believe they will have a personal crisis within the next three years, with 33% believing they will have multiple crises.
According to a PwC survey conducted in 2015-16, with over 1,400 CEOs from all over the world, two thirds of them believe that their businesses face more threats today then they did three years ago.
They are right to be worried. Cybercrime is estimated to have cost businesses 375 billion dollars in 2015, which is up from 3 billion dollars in 2013. The average amount of money lost to natural catastrophes over a 10 year period, both for those with insurance and those without, is $194 billion.
This doesn’t include the costs of fraud, corruption, pandemics, labor disputes, or other types of crises that organizations may face today.
Authoritariansism like this doesn’t just affect a few “bad apples”; it has challenged every type of organization, including those with good reputations, highly loyal customers, and long track records of success.
If a crisis is not prepared for, it will usually turn out much worse than it would have.
Only one in ten companies is prepared for a reputational risk incident, according to the law firm Freshfields Bruckhaus Deringer. The lawyers interviewed 102 crisis communications specialists who had worked on 2000 significant reputational risk incidents in 80 countries.
1 out of 5 companies have simulated what a crisis might look like, while 4 out of 10 companies had no plan at all. 53 percent of companies that were struck by crisis did not regain their previous share price.
Why is good crisis preparedness so rare?
Working collaboratively across organizational boundaries can be uncomfortable at first, but it is necessary to raise awareness of potential problems and close the gap between strategy and execution.
If you think that the CEO is the only one who can solve problems, you might not realize that everyone in the company needs to be able to do their job well.
If you don’t invest in operational capabilities around the world, you won’t have difficulty getting the right signals communicated up the hierarchy quickly. Crisis preparedness goes against the natural urge to downplay potential problems, pretend they don’t exist, or try to hide them.
Small incidents generally lead to the most devastating events. The faster your company can identify these situations as having the potential to cause problems, the more effectively it can deal with them.
To be able to respond effectively, you need to take three key factors into account: people (your governance structure and relationships), preparedness (planning and execution), and testing (rehearsing your actions in advance).
The more proficient you are in all three dimensions, the better equipped you will be for managing crises before they happen. If you wait to learn until it’s too late, you’ll never have the opportunity. But if you act now, you still have time.
People: Governance Structure and Relationships
As the head of a company that builds and maintains long-distance natural gas pipelines, you are responsible for ensuring that the pipelines are in good condition and that the gas flowing through them is of the highest quality.
You must also ensure that the pipelines are operated safely and efficiently, and that they meet all relevant regulations. These networks often span great distances, running underground for hundreds of miles from your headquarters or any other place where you conduct business.
One morning, a pipeline bursts under a community of thousands of people, causing an evacuation. Families are evacuated, and some individuals are badly hurt. When companies experience unexpected accidents, it can damage their reputation and take years to recover.
Some energy companies have found themselves in a difficult financial situation. How well they had prepared determined how successful they were at handling the crisis.
In the cases that were successful, the leading executives of the company and the board were directly involved in the preparations, along with all employees.
The company is ready to issue a statement expressing concern for the injured and the community a few hours after the explosion. The news media is updated rapidly, explaining how the company plans to respond.
There are legal implications not just for preparations for liability claims against the company, and for any class action suits that might follow, but also for regulatory approval.
The company will have to shut down some parts of the pipeline and may have to suspend gas deliveries while it begins to check the cause of the damage. This means that customers will have to find energy from other sources.
The company must inspect all other parts of its pipeline network for possible vulnerabilities and keep up communication with the public, including local reporters, by possibly creating a website or app that would detail the company’s progress.
The company also needs to reassure investors that it is taking measures to recover and that expenses for investigation and repair could rise to the billions of dollars.
It’s important to have relationships with groups you perceive as opponents. This could involve having talks with local interest groups, industry bloggers, and people who invest in stocks for political reasons.
There will always be people who hold your company accountable for any disaster, whether they are in the right or not.
The company may threaten to sue you or speak to you formally, but there is also a chance to talk to them informally and ask what would make them believe that you are acting in good faith.
If they answer honestly, you might find that something you didn’t think was important to them, like being very transparent or willing to answer questions, is actually important to them.
If you don’t want to talk to people, ask yourself if it’s because you’re not good enough. Designing governance structures can help you build capabilities, and you can practice talking to groups you might have avoided through informal conversations.
1. Control the Organization
The normal rules for how the organization operates are usually torn up quickly during a crisis. Formal organizational reporting structures can be less important than informal networks based on trust and the exchanging of favors.
Those who were previously against the way things are can become outspoken quickly, causing a conflict over territory and stopping progress from happening. Some executives who are key to the response may be implicated in the problem and unable to lead the response.
If managers start taking actions based on incomplete or inaccurate information, it can lead to problems even if their intentions are good.
The inability to build consensus results in organizational structures with too many decision makers, which leads to a lack of focus and direction.
An effective crisis team is necessary to having a positive response to a crisis. The most successful crisis organizations are smaller, with streamlined approval processes, a senior leader who is dedicated full-time to the role, and significant levels of funding and decision-making authority.
The team should be able to make decisions quickly and efficiently, while protecting the privacy of those involved. Those who are not directly involved should be protected from distractions and disruptions.
A common mistake people make is hiring an outside expert to lead their company’s crisis response team. External hires typically find it difficult to motivate and organize the company in a crisis situation.
The most successful leaders are usually already employed by the company, well-known and respected by upper management, and have prior experience working in the same industry. They also maintain strong relationships with people at different levels within the company.
The person in this role should have a strong set of values, be able to keep a calm temperament, and show that they can think independently to gain credibility and trust from others in and outside of the organization.
The best crisis organization consists of a few small teams that work together to handle different aspects of the crisis, like gathering information, keeping important people calm, fixing the problem, getting things back to normal, figuring out what happened, and making sure it doesn’t happen again.
2. Stabilize Stakeholders
It’s rare for technical, legal, or operational issues to be resolved in the first phase of a crisis. The most important thing to do right now is probably to calm down angry stakeholders while the legal and technical teams figure things out.
For example, a financial package may be necessary to ease pressure from suppliers, business partners, or customers. In order to keep consumers from defecting to other brands, goodwill payments may be the only way.
Business partners may need financial or operational support to maintain motivation or even be viable. You may need to respond quickly to the concerns of regulators.
It can be tempting and sometimes desirable to make big changes, but it can be difficult to design interventions that have a positive, measurable outcome from a business or legal perspective.
Defining the total exposure and milestones for each stakeholder group and designing specific interventions to reduce exposure is usually effective.
3. Resolve the Central Technical and Operational Challenges
Many crises have a technical or operational challenge at their core. When a crisis erupts, the magnitude, scope, and facts behind the issues are rarely clear.
The organization will go through a period of intense self-reflection and discovery during this time of pressure. Oftentimes, corporations miscalculate how long it will take to complete the discovery process and fix the issue.
Companies’ initial solutions simply may not work. One manufacturer had to continually pushed back the deadlines they set for themselves to resolve the technical issue they were facing, severely limiting their ability to negotiate.
After multiple failed attempts to correct a process-safety issue, the company’s credibility was damaged.
It is best to avoid promising too much about how long something will take, and instead to let the team responsible for actually doing it have the time they need to do it right.
This means giving them enough time to figure out how big the problem is, what the potential solutions are, and testing those solutions carefully.
People have a hard time understanding how it works and interpreting its output. Another common issue is that the technical solution, due to its complexity, becomes a black box where people have a hard time understanding how it works and interpreting its output.
Operational war rooms should have a level of peer review that allows for checks and balances without bureaucratic hurdles.
4. Repair the Root Causes
The main reasons for large company crises are hardly ever technical; they more often have to do with people problems (culture, choice privileges, and abilities, for example), processes (risk direction, performance administration, and standards setting), and systems and tools (upkeep methods).
The ripple effects of these changes can be widespread, impacting hundreds or even thousands of people throughout the organization. Navigating these challenges is made more difficult by the likely circumstances at the time, such as layoffs, cost cutting, loss of top talent, and changes to company strategy.
The root cause of any crisis usually takes multiple years to fix and sometimes requires drastic changes to how an organization operates.
It’s important to show you’re serious from the start when you’re setting up a transformation program that could be necessary to get the company back to normal. Hiring new and unbiased talent for the board is a method that has been proven to work.
Some other things that have worked in the past to improve risk management include creating a stronger authority for oversight, redesigning key risk-related processes, giving more power to the risk management department, changing the company’s regular organizational structures, and working to establish a new culture and outlook regarding risk prevention.
5. Restore the Organization
Some companies take years to recover from a crisis, during which time their competition takes the lead.
Many companies wait until the dust has settled before turning their attention to the next strategic foothold and refreshing their value proposition. By this stage, it is usually too late.
The sooner the seeds for a full recovery are sown, the better. This should be done even immediately after initial stabilization. The organization can use this time to plan big moves that will help it recover in the future and make sure it has the resources and talent to take advantage of those opportunities.
Crisis management training for top executives often does not include comprehensive crisis response strategies, instead focusing on crisis communications.
Preventing risks is still a vital part of a company’s effort to avoid corporate disaster, but it is no longer sufficient.
The complexities of doing business today have increased, and the likelihood of having to face a crisis is higher than ever. Companies that learn from the mistakes of the past will be better prepared to respond quickly and effectively if something bad happens.