Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More
Whitepaper

The Four Hidden Costs of Crisis Management Plans

Noggin

Crisis Management Software

Updated December 7, 2023

Key takeaways:

  • Corporate crises are expensive in more ways than one. They incur costs that are easy to calculate, such as an hour of IT downtime, and those that are much harder to quantify, such as reputational damage.
  • Today, because of social media, crisis response times are measured in hours or minutes, not days. A slow, uncoordinated crisis response can increase both easy-to-quantify and hard-to-measure costs.
  • Yet, the form of many organizations’ crisis plans make a fast, coordinated response difficult. Many businesses create paper-based crisis plans or digital versions created in Word. These traditional crisis-management plan formats make crisis response slower, less coordinated, and less effective. 
  • New digital crisis management solutions offer a way to overcome both the hard and hidden costs of traditional crisis management plans.

The hidden costs of a slow crisis response

The costs of major corporate crises often make headlines. For instance, Volkswagen paid a record $30 billion for Dieselgatei. Wells Fargo paid $1 billion for charging customers extra fees on auto loans and mortgages, and that’s in addition to the $185 million the bank paid for its fake accounts scandalii. Target’s costs for the 2013 holiday hack totaled $202 millioniii

Those costs are easy to quantify, just like the cost of an hour of IT downtime (more than $1 millioniv) or the average cost of a data breach ($3.86 million)v. But they aren’t the only costs associated with crisis. Though more difficult to quantify, the oft-hidden, reputational costs of a slow or uncoordinated crisis response can be just as significant.

And, because of social media, crisis response times are no longer measured in days. They’re measured in hours, even minutes. A study by law firm Freshfields Bruckhaus Deringer revealed that, in 28 percent of crises, news of the incident spreads internationally within just one hourvi. If companies don’t respond swiftly, they’re subject to judgment in the court of public opinion. 

A slow crisis response can further damage the company’s reputation because it leaves the general public wondering why the company is taking so long and whether company leadership knows what to do. 

An uncoordinated crisis response creates risk

The public also loses faith in a business when its crisis response is uncoordinated. For example, imagine executives providing an update on the company’s response within the first hour. The update reassures the public that significant progress has been made. But just a few hours later, the same executives have to backtrack and say that, in fact, less progress has been made than originally announced. Sound familiar? We’ve seen that scenario play out time and again. The costs incurred from an inconsistent crisis response like that are hard to calculate but no less real. 

Although crises are moving faster and the costs of getting the response wrong are growing steeper, crisis management plans aren’t keeping up. They’re not built for a fast, coordinated response. That’s because crisis management plans often take one of two forms: a paper-based plan that’s stored in binders on shelves, or a digital plan stored on a flash drive, a shared server, or in email. 

These forms slow down response, even if the plans themselves are top-notch in terms of their quality. For instance, when a crisis strikes, crisis management leaders must first find the binder or Word document and search through it for the right plan. Then, they must manually activate teams and disseminate information. These delays can increase both kinds of costs—those that are easy to quantify and those that are difficult to measure.

Traditional crisis management plans, be they in binders or Word documents, also hinder effective coordination. They don’t provide company leadership with a clear picture of progress, and they don’t allow crisis managers to track task completion. 

Let’s dig a little deeper into this idea by exploring the top four hidden costs of traditional crisis management plans.

  1. They don’t provide situational awareness to crisis response teams or leaders. 

    Situational awareness is an idea that originated in the military; it means being fully aware of your surroundings and being able to answer the following questions:
    • What’s going on?
    • Why is it going on?
    • What’s going to happen next?
    • What can I do about it?
    • (Then, more precisely) What tools can I bring to bear to solve the problem?

    When crisis strikes, response teams and business leaders need to become as situationally aware as possible as quickly as possible. (For more on situational awareness, see our blog post on the topic.) 

    But relying on traditional crisis management plans means organizations have to piece together relevant information from phone calls, emails, and briefings. Businesses aren’t achieving situational awareness through a single, easily updatable source of truth. As a result, their responses are slower than they could be. Indeed, some crisis management leaders find themselves spending more time making executives situationally aware through briefings than they do actually responding to the crisis.

    Executives, who usually serve as company spokespeople during a crisis, also create risk when they don’t have access to accurate information about their company’s crisis response. They may communicate conflicting information to the public, which can cause confusion and embarrassment, exacerbating reputational risk. 
  2. They require manual team coordination. 

    Speed is of the essence for an effective crisis response, and the delays caused by traditional crisis management plans extend beyond just finding the right plan. Crisis response leaders must also call, email, or text the members of the crisis response team to:
    • Inform them that crisis has occurred.
    • Tell them that they need to act.
    • Instruct them on exactly what they need to do.

    To do that, crisis managers must first gather the right set of contacts. These often include both colleagues within the organization and people outside it. For example, if a company must recall a product, the crisis manager will contact executive leadership, public relations personnel, and regulatory agencies. If the firm is hit by a cyber-attack, the crisis manager will be working with the IT team and, depending on the country, federal investigators or other authorities. 

    Once they have their contact list prepared, crisis managers must gather checklists and other documents that their response teams will need in order to act. For example, the crisis manager may need to find the list of steps for team members to follow in the event of an intruder on company property. Or, the crisis manager may need to search for the communications template to use if a severe storm is approaching. 

    All of these steps take time that, unfortunately, crisis managers simply do not have when an extreme event occurs. 
  3. They don’t track crisis response tasks, status, or trends. 

    Crisis managers don’t just activate crisis response teams and assign them tasks. They also ask for updates. They need to know: 
    • The status of individual tasks. Are they complete? How long did they take to complete?
    • The status of the overall response. How many of the necessary tasks have been finished?
    • Key trends. Is the situation improving or worsening? 

    But crisis response teams using manual communication channels for these updates inevitably work more slowly. Crisis managers must take time away from coordinating the response to gather information. Crisis response team members must put their tasks on pause to give updates. 

    In addition, having the latest information is not equivalent to having a real-time, fully organized picture of the crisis and the response. Crises are complex. Instantly organizing all the information they generate is simply too much for one person, or even a team of people. That’s true no matter how good an organization’s plan is because, with traditional crisis management techniques, tracking tasks, status, or trends is still a manual process.
  4. They’re time-consuming and expensive to update. 

    Crisis management plans need to be updated more frequently than you might expect. Here are a few examples of situations that should trigger an update:
    • Every time membership of the crisis management team changes—due to employee turnover, for example. When that happens, role assignments change, and plans need to reflect that. 
    • The launch of a new product or service comes with its own crisis risk that needs to be prepared for. Product leaders need to play some role in that crisis management planning. For example, they may    need to serve as subject matter experts if a crisis erupts related to the product they’re in charge of. 
    • Each time the company moves to a new location or expands into a new city or country. New locations will have different emergency and media contacts. Different jurisdictions impose different regulations that become relevant in the time of a crisis. 

The more extensive a company’s operations, the bigger the costs to update paper-based plans through photocopying and distribution are. Digital plans don’t incur those costs, but they come with other costs. If crisis management plans are stored on flash drives, those drives need to be updated or replaced and distributed to employees. If plans are stored in email, crisis management professionals must manually send the right plans to the right people and, in the event of an actual crisis, hope the response teams are using the latest versions. 

Crises aren’t going away, and a fast, coordinated crisis response will always be necessary. What, then, can companies do?

Fortunately, new solutions offer the features businesses need to respond quickly, efficiently, and cost-effectively  to a crisis and do so cost-effectively. To ensure speed and coordination in your organization’s crisis response, here are some of the key features to look for:

Situational awareness builders. There’s a suite of features that contribute to situational awareness, including:

  • Issue and crisis management capabilities so you can record and share information about any issue or crisis, with dashboards summarizing the situation, impact, response, actions, media, and talking points.
  • Impact and trend indicators to monitor current and potential impacts, overall or by categories, and see at a glance if situations are improving or worsening.
  • Task trackers to monitor duration and resolution so you can see exactly how long each issue has run for and when it will be resolved. 
  • Update logs that allow you to post updates to each issue or crisis, keeping teams and executive leaders informed as situations develop or decisions are made. 

Coordination functions. Respond more quickly and more effectively with these features:

  • Crisis team stand-up so you can instantly activate any team and have the system automatically ask who can act in each role, in the order you’ve defined, via push notifications. 
  • Team updates so you can view who’s responded to a team activation and how, and who’s currently acting in each role.
  • Action managers to quickly add actions to an issue or crisis, as a simple checklist, or assign each action and add more details.
  • Contact managers to keep everyone involved in crisis response, from the crisis management team to business continuity professionals to other stakeholders, all in one place.
  • Integrated, secure chat to collaborate quickly about any issue or crisis.
  • Accessible anywhere, on any device.

Citations

i     Jan Schwartz and Victoria Bryan, Reuters, VW’s Dieselgate bill hits $30 bln after another charge. Available at https://www.reuters.com/article/legaluk-volkswagen-emissions/vws-dieselgate-bill-hits-30-bln after-another-charge-idUSKCN1C4271.

ii     Adam Shell, USA Today: Wells Fargo fined $1 billion by regulators to settle auto-loan, mortgage abuses. Available at https://www.usatoday.com/story/ money/2018/04/20/wells-fargo-fined-1-billion-auto-loan-mortgage-abuses/535534002/.

iii     Allison Joyce, NBC News: Target Settles 2013 Hacked Customer Breach for $18.5 million. Available at https://www.nbcnews.com/business/businessnews/target-settles-2013-hacked-customer-data-breach 18-5-million-n764031.

iv     The TASA Group: Why You Need a Workplace Contingency Plan. Available at https://www.tasanet.com/Knowledge-Center/Articles/ArtMID/477/ ArticleID/1251109/Why-You-Need-a-Workplace Contingency-Plan.

v     SecurityIntelligence: Ponemon Institute Cost of a Data Breach Study 2018. Available at https://securityintelligence.com/series/ponemon-institutecost-of-a-data-breach-2018/.

vi     Freshfields Bruckhaus Deringer: Containing a crisis: Dealing with corporate disasters in the digital age. Available at https://www.freshfields.com/globalassets/campaign-landing/cyber-security/containing-a-crisis.pdf

New call-to-action