So, what is the role of the Board in crisis management? New research suggests it’s not well enough understood and needs a lot more attention. And the view from the Board Room shows a worrying vulnerability around crisis preparedness and prevention.
A major study by Deloitte looking at the attitudes of non-executive Directors across the world reveals a serious gap when it comes to crisis preparedness and planning.
The study found that more than three quarters of board members believe their company could deal with a crisis situation, yet less than half are confident they are properly prepared. Only 49% said their company monitor and have communication to detect potential crises – or have a playbook for likely crisis scenarios – and even fewer (34%) said their company engages in crisis simulations and training. Furthermore, 73% of the Directors named reputation as the single greatest crisis vulnerability, yet only 39% had a plan for it.
While the survey sought the views of board members around the world, the response from non-executive Directors in Australia was particularly worrying. Only 11% rated their organisation’s ability to respond to a crisis as “very effective” and only 17% believe they have “extensively” identified the potential risks that could create a crisis. Worse, only 3% of the board members in Australia felt their organisation was “very capable” in crisis prevention.
Globally, cybercrime was identified by Directors as the second most vulnerable area, and a separate study has reinforced this risk. A new British survey of almost 200 cyber security professionals found that nearly half believe their Board and Directors have a major gap in their understanding of cyber risk, or simply don’t understand the risk at all. The survey also found they believed their senior executive team too lack cyber risk awareness, and that the major factors holding back cyber security strategy were budget constraints, poor security awareness culture and lack of understanding of the real threat.
The important role of the Board in crisis management should not come as a surprise. For example, following the contamination false alarm crisis which struck Fonterra in 2013, the official inquiry concluded that the Board should “explicitly accept” responsibility for oversight of system improvement and should develop its own protocol for crisis management. Similarly, the inquiry into the fatal fire and explosion at the BP refinery near Houston, Texas in 2005 clearly sheeted home responsibility to the Board 8,000 kilometres away in London.
So what can be done by issue and crisis management professionals to improve Board and organisational preparedness? At least part of the answer lies in a further finding of the Deloitte study. Fewer than half of the Board members surveyed globally reported that they had engaged with management to understand what had been done to support crisis preparedness, and only half of Boards and management had specific discussion about crisis prevention.
That’s a troubling state of affairs. Improved engagement between management and the Board certainly isn’t the complete answer. But it surely would be a pretty good place to start.
Need help planning crisis preparedness? Contact Tony Jaques.