For a long time, crisis management was regarded as a tactical activity focused mainly on writing a manual and responding as well as possible in the hopefully unlikely event that a crisis actually occurred. As a result, it was often delegated down the organisation to middle managers and technicians whose skill sets may be best suited to dealing with emergencies or system breakdown rather than how to take steps to prevent a crisis happening in the first place.
However, a new understanding of crisis management is emerging which extends beyond the conventional incident response to now include identifying and managing crisis threats before they strike, and also managing the dangerous period after the crisis, when reputation is often most at risk.
Most importantly, the updated approach – captured in the new concept of crisis proofing – moves responsibility from the operational response centre up to the executive suite and into the boardroom. And with it comes a need for new leadership skills, along with a much broader appreciation of organisational risk.
Most managers want to do what is right for their organisation. Yet some do not know exactly what needs to be done when it comes to protecting against the operational and reputational damage threatened by a crisis or a serous public issue, and some think they do not need to do anything at all. The barriers to effective crisis prevention and preparedness are well known, but can be best summed up in three common responses: “It won’t happen to us” or “We’re too small to worry about a crisis” or “We’re too big/too well run to be affected by a crisis”.
However, the reality is that crisis is an equal-opportunity risk. Crises do not discriminate between organisations, and the threat and impact of crises applies equally to corporations, governments, charities and not-for-profits, as well as institutions such as hospitals and schools. No type of organisation is immune. All organisations, regardless of size, structure or the nature of their business, are vulnerable to a crisis. What genuinely separates organisations in terms of vulnerability is the difference between being crisis prepared and not crisis prepared, and the degree of preparedness is a conscious executive decision.
Anyone who doubts the importance of being properly prepared need only look at a famous study at Oxford University which related preparedness to the impact on market value. This well-respected study showed that companies with effective crisis plans in place suffered on average an initial five percent fall in share value, but that after 12 months their share value on average had recovered to seven percent above the pre-crisis level.
By contrast, companies with no effective crisis plan in place saw their shares initially fall by an average of 10 percent, and after 12 months their shares were 15 percent below the pre-crisis level. In other words, for companies without effective planning in place, the share price initially fell twice as far and recovered much slower. A year later, there was a difference of 22 percent of the organisation’s market value compared with the well-prepared companies. A 22 percent impact on long-term market value is surely a powerful reason to put effort into crisis proofing.
And the impact of a crisis is not just on share price. A major study of Australian crises across a 10-year period showed that one in four crises cost the organisation affected more than $100 million, and more than 25 percent of the organisations did not survive in their existing form.
One response to this alarming level of risk is the concept called crisis proofing, which focuses on the role of executive managers and the practical steps they can take to prevent crises and protect reputation. Corporate crisis management traditionally has a strong emphasis on tactical elements such as crisis manuals, cross-functional teams, table-top simulations, communications procedures and a well-equipped ‘war room’. While these elements are important, leading companies are now taking a more proactive role in crisis planning and issue management, which demands much more involvement and participation in the executive suite.
But progress is slow. A recent global study of non-executive directors showed 73 percent named reputation as the single greatest crisis vulnerability, yet only 39 percent had a plan for it. And the Australian segment of the data showed only 11 percent said their own organisation’s ability to respond to a crisis was “very effective” and only three percent felt their organisation was “very capable” in crisis prevention.
The worrying reality is that many organisations still fail to prepare properly and continue to treat crisis management as an operationalised part of the emergency or security function. That may provide an adequate response to an incident when it happens, but contributes nothing to crisis prevention, long-term value protection or reputation management.
The other key factor driving increasing senior executive involvement has been the acknowledgment that most crises which threaten a company are not sudden, unexpected events, but are preceded by clear warning signals, which are frequently ignored. In fact, the Institute for Crisis Management in Denver, Colorado, which has been tracking business crises in the media for over 25 years, concludes that about two-thirds are not unexpected at all, but are what they categorise as ‘smouldering crises’ – events which should have and could have prompted prior intervention, and more than half of all corporate crises are in fact caused by management.
Together, these two factors – that most crises are not truly unexpected and that many are avoidable – have fuelled the move from an operational context to proactive planning at the highest level. This evolution towards strategic recognition and prevention rather than a tactical response has in turn expanded the crisis management role of top executives and directors. However, many senior executives still prefer not to think about crises, so participation in crisis management does not always sell well at the top. But every senior executive should be concerned with preventing crises and protecting the company’s reputation, which means developing a genuine crisis prevention approach instead of just focusing on crisis response.
If crises are to be prevented before they occur, issues and problems need to be identified early, and acted upon by top management. While crisis proofing may require a fresh mindset, there are some basic requirements which help facilitate this new approach:
- integrating issue management and crisis prevention into strategic planning and enterprise risk management
- encouraging blame-free upward communication and willingly accepting bad news and dissenting opinion
- implementing and regularly reviewing best-practice processes for identifying and managing issues before they become crises
- establishing robust mechanisms to recognise and respond to crises at all levels, both operational and managerial
- benchmarking crisis management systems against peer companies and peer industries
- participating in regular crisis management training
- promoting systematic learning from the organisation’s own issues and crises, and the issues and crises of others
- providing leadership, expertise, experience and support in the event of a real crisis
The crisis proofing approach demonstrates that responsibility for protecting the organisation lies absolutely in the executive suite and it gives practical advice on how senior executives can provide participation and leadership from the top.
