Getting Started with Crisis Management

The first rule of crisis management: crises can happen to anyone

Today, the diversification of media sources, particularly the heightened importance of social media, means that news of a crisis can go viral faster than ever, especially for established brands. Yet, crises don’t only happen to global brands. The rationale for building your crisis management practice is that crises can hit any company, at any moment.

By the numbers, corporate crises are actually more likely to pose an existential threat to small businesses – though the COVID-19 crisis has levelled historic brands. According to the U.S. Federal Emergency Management Agency (FEMA), anywhere between 40 to 60 percent of small businesses in the U.S. close following a natural disaster, an ever-more-common kind of corporate crisis.

However, small businesses are not alone in being unprepared for crisis. It seems most organisations, irrespective of size, don’t take adequate crisis management preparedness measures, specifically testing their crisis management plans, before it’s too late.

Understanding the nature of crises is key to getting started with crisis management

Even though crisis is a fact of corporate life, organisations often think they are immune and fail to prepare adequately. That’s despite the clear risks associated with crises, e.g., harm to stakeholders, losses for an organisation, or even extinction. Why do businesses take the risk?

One explanation might be that organisations conflate crises with critical events. Critical events are often defined as consistent slow-burn issues that affect an organisation. Critical events can (and often do) turn into crises when not properly handled.

Another culprit: companies are prone to view crises solely in their most dramatic forms; think: the once-in-a-generation pathogen, the category-five storm, or the unprecedented data breach that dominates the news cycle.

Episodic and of more significant magnitude, crises are neither critical events nor so abnormal as to be considered impossible. In their simplest form, crises are unanticipated events or issues that disrupt the day-to-day operations of an organisation.

Crises have the potential to create significant financial, safety, security, or reputational harm, depending on the nature and severity of the event. Decision-makers who believe a crisis can’t happen to their organisation fail to understand the sheer variety of potential crises. Those include:

1. Economic crises, events or situations like strikes, market crashes, and labour shortages.
2. Informational crises, loss of important information or organisational records, including public and/or confidential records, theft through phishing attacks, social engineering, or the leaking of sensitive data.
3. Physical crises, compromised major equipment, loss of suppliers, or a major disruption at a key operating plant.
4. Human resources crises, the loss of a key executive or team member, vandalism, or workplace violence.
5. Reputational crises, rumours and gossip that can significantly hurt the reputation of the organisation.
6. Psychopathic crises, unthinkable acts such as terrorism, kidnapping, or even tampering with products.
7. Natural disasters, including tornadoes, earthquakes, fire and flash foods, disease outbreaks, etc.

What’s the value of crisis management?

To be considered fully prepared for all of the above, companies must have regularly exercised crisis management plans in place. That’s the role of crisis management: preparing for, managing, and recovering from crisis. Crisis management consists of the processes designed to prevent or minimise the damage crises can inflict on an organisation.

It’s hard not to argue that organisations can go a long way towards mitigating the damage associated with crises if only they treated crisis management as a critical business function. But first, those businesses must know that besides being numerous in kind, crises are also complex in nature. Hence why crisis management itself tends to be comprised of three phases:

1. The pre-crisis phase, prevention and preparation, i.e., reducing the known risks that can lead to crisis.
2. The crisis response phase, when management must actually respond to a crisis.
3. The post-crisis or post-mortem phase, when companies recover, fulfil commitments made during crisis response, and look for ways to better improve crisis management preparations for the next crisis.

This tri-partite framework of crisis management has a couple advantages:

1. It is simple to visualise how crisis management breaks down by (discrete) stages
2. It helps organisations to better understand how to prepare for each stage individually.

Critics, however, have argued that the framework itself might be too limiting. Instead, when building or enhancing crisis management capabilities, organisations should take intelligence gathering and constant monitoring as the default mode. In simpler terms, that means approaching crisis management as a lifecycle.

This more cyclical mode of crisis management tends to be more strategy- than tactics-oriented. Here is an example of a crisis management lifecycle framework:

• The build-up stage, or the Prodromal Crisis, when you might see hints or clues of a potential crisis appearing in media outlets. At this stage, you should be looking for the repetition of certain trigger themes, repeated messages describing symptoms or precursors to a crisis.
• The impact stage, or the Acute Crisis, when a trigger develops into a full-bore crisis. Often the shortest stage in the crisis management lifecycle, the impact stage tends to result in the most physical, fiscal, emotional, and reputational damage to a company. Companies can usually expect the most media scrutiny during this phase of the crisis management lifecycle.
• The Chronic Crisis stage, the company suffers through any lingering effects of the acute crisis, which can be physical restoration, legal action, or public activism. Media coverage, at this juncture, tends to focus on blame and responsibility.
• The Resolution stage, the crisis no longer impairs the organisation’s operations or directly impacts the public. The risk at this stage is that the crisis remains latent, with the potential to strike again to even more devastating effect.

The crisis management lifecycle

Source: Gwyneth Veronica James Howell, Queensland University of Technology: Description of the Relationship between the Crisis Life Cycle and Mass Media.

Effective practices for crisis management planning

The crisis management lifecycle is an important framework for understanding and preparing for crises. But organisations will need a proactive crisis management plan to address all stages within the lifecycle. Effective crisis management preparation should involve all of the following best practices:

Pre-crisis: creating your crisis management plan

• Identify a crisis management team to create and enact a crisis management plan, as well as to deal with the problems not covered by it, when a crisis does arise.
• Create the crisis management plan to help reduce chaos when a crisis strikes. Your plan should include information regarding potential crises, policies for prevention, as well as strategies and tactics on how to deal with each crisis. Address who will be empowered to enact the crisis management plan, who will be affected by the crisis, how to communicate crisis developments, and how to centralise operations.
• Hold practice simulations and exercises to train staff and expose weaknesses in your plan.
• As part of your crisis management planning effort, identify crisis management software to help you better manage the entire crisis management lifecycle, keep internal stakeholders informed and on message, and monitor media response.
• Create your crisis communication plan, which should include a system to reach the relevant stakeholders, identified crisis communication team members, roles, and responsibilities, a list of key media contacts, company background information, and a set of pre-approved, pre-fabricated messages for use during any variety of crises.

During the crisis: putting your crisis management plan into practice

• Communicate information about the crisis to the public, media, and employees as quickly, forthrightly, and often as possible.
• Focus crisis communications on how people can protect themselves from the effects of the crisis, as well as what you are doing to prevent the crisis from happening again.
• Ensure strong leadership is visible throughout.

Post-crisis: debriefing and evaluating for next time

• Evaluate how your crisis management plan performed during the crisis, correcting errors as you update and revise your plan.
• Communicate key lessons learned (during the crisis) with the public and your internal stakeholders.
• Treat the crisis as an opportunity for further company growth.

Finally, if crises had the regularity of a calendar event, businesses wouldn’t have to plan for them. That’s not the world we live in.

Even if there are warning signs, crises are by nature wildly unpredictable, taking many different forms. But just because organisations can’t always predict when and how crises will hit, it doesn’t mean they can’t plan to manage the effects. That’s the role of crisis management.

A crucial business function, crisis management minimises the time, money, and effort it takes to recover from a crisis. Undertaken successfully, crisis management can even allow the resilient organisation to emerge from the disaster stronger than ever.

Not sure what crisis management resources you should invest in to ensure resilience coming out of the COVID-19 crisis? Download our crisis management software buyer’s guide to find out what capabilities you need for full crisis lifecycle management and business as usual activities.