Companies which are not properly prepared to manage a crisis sometimes say “We are small and not likely to have a crisis” or “There are so many possible crises you can’t plan for everything.” Such excuses are dangerously wrong and can lead to costly reputational and operational damage.
There surely is no shortage of surprises when it comes to crisis management. And of course no company can develop a detailed crisis response for every possible eventuality.
One answer to this challenge is to focus initially on what I call your ‘natural’ crises. This doesn’t mean they result from natural disasters. They are natural to the organisation. They are the industry-specific or company-specific crises which are most likely, which are reasonably predictable, and should be clear priorities. They are the risks which keep mindful managers awake at night.
For example, a chemical company would be expected to plan for a possible leak, fire or explosion; a transport company should have a plan in place for a serious road or rail accident; a hotel must be prepared for a highly publicised outbreak of food-poisoning; and a bank should be prepared for customers in ski-masks making large unauthorised cash withdrawals.
Sadly, some companies fail to adequately prepare for even the most obvious ‘natural’ crises, and this is exposed by some well-known examples. For instance, every food manufacturer should be expected to have strong plans in place for a major product contamination or recall. But when suspected botulism contamination of milk product caused an international recall crisis for New Zealand dairy giant Fonterra (which eventually proved to be a false alarm), the official investigation concluded the organisation was badly unprepared. They said it had failed to “join the dots” between botulinum contamination, infant food products, consumer sensitivities and the company’s global reputation. And now they have just been ordered to pay $183 million in damages to a major client affected by the recall.
Similarly, there could hardly be a more likely crisis for an oil exploration company than a major spill. Yet in the wake of the mishandled Deepwater Horizon disaster in the Gulf of Mexico, BP CEO Tony Hayward later admitted the company’s contingency plans for such an oil spill were inadequate. He told a reporter: “We were making it up day to day.”
Finally let’s consider the risk of data breach, which should be a ‘natural’ crisis for just about every organisation which holds confidential information in computer systems. Some IT experts say there are only two sorts of companies – those that have been hacked and those which don’t yet know they have been hacked. That might be an exaggeration, but it clearly identifies a priority. So how did Sony CEO Michael Lynton respond after his company was hacked, allegedly by North Korea? He tried to present the breach as a complete surprise and the company as a helpless victim. “There’s no playbook for this,” he said. “You’re on completely new ground. We were adequately prepared, just not for an attack of this nature, which no firm could have withstood.”
Sony shareholders and Hollywood celebrities compromised by the hack must have wondered how a cyber-attack was “new ground,” and how a major corporation could have “no playbook” and still be “adequately prepared.”
Clearly not every crisis falls into my category of ‘natural’ risks. But it’s a pretty good place to start. The American management expert Kurt Stocker once wrote: “When you look at the majority of crises, what happened should have been on or near the top of the list of possible events. Why wasn’t anyone prepared?”
It’s a good question and one every company should ask.