It’s time CEOs started to think more about crisis


A new study at Harvard has revealed a shocking statistic. CEOs spent just one per cent of their time working on crisis management. That’s pretty shocking considering nothing destroys reputation or market value faster than a crisis.

Moreover, the Institute for Crisis Management records that more than half of all business crises are triggered not by workers or other causes, but by management. So there is no doubt that the CEO and top executives have a critical role in crisis management. Yet the evidence is clear that companies have a long way to go to get this right.

While the newly published Harvard study identified that the subject CEOs – monitored over a three month period – spent just one per cent of their time working on crisis management, the reality is that this worrying number should not come as a surprise.

For example, a 2016 Deloitte survey of Board members around the globe found fewer than half said they had engaged with management to understand what had been done to support crisis preparedness or to discuss crisis prevention. And the same survey showed 73 percent of the non-executive directors named reputation as a crisis vulnerability, but only 39 percent said they had a plan to address it.

Reputation has been called a company’s greatest uninsured asset, and we know from research that up to half of a company’s reputation, and a similar share of its market value, can be attributed directly to the CEO. That may seem encouraging and an endorsement of strong leadership, which is great when the CEO and the company are performing well. But it also highlights just how potentially vulnerable organisations are when things go wrong. In the world of crisis management this is very much a two-edged sword.

Think no further than Tesla boss Elon Musk, once the darling of Wall Street. When he used Twitter in July to suggest one of the Thailand Cave rescuers was a paedophile, his company’s shares fell by $US2 billion. Then just weeks later he told the New York Times the stress of the job was getting to him, and Tesla lost over $US5 billion in market value.

Or consider Facebook, where cumulative reputation and performance issues recently led to a market loss of almost $US120 billion in a single day, the biggest ever one-day drop in a company’s value.

In their memorably titled book “We’re so big and powerful nothing bad can happen to us,” Ian Mitroff and Thierry Pauchant published a worrying catalogue of ‘reasons’ top executives gave for NOT being properly crisis prepared. These included:

  • Excellent, well managed companies don’t have crises
  • It is enough to react to a crisis once it has happened
  • Certain crises only happen to others
  • Crisis management is someone else’s responsibility
  • Each crisis is unique, so it is not possible to prepare for them
  • Most crises turn out to be not very important

It’s blindingly obvious that such statements are simply excuses for inaction. Responsibility for crisis management absolutely belongs in the executive suite and any CEO who thinks crisis warrants only one per cent of their time is seriously endangering the organisation.

Effective crisis prevention and crisis preparedness demands visible management commitment and leadership from the top. If the CEO doesn’t think it’s important, then why would anyone else?


Is ‘back-flipping’ on an issue really such a bad thing?

When an organisation or individual changes their mind on a public issue it is often derided as a back-flip or flip-flopping or a u-turn or caving in. But sometimes it is just part of the process of reaching the right decision.

Take the case of Australian supermarket giant Coles. The company announced they would phase out lightweight plastic shopping bags in favour of paid heavier-grade bags, then decided to make the replacement bags free on a temporary basis to allow customers to adjust. Then they announced the new bags would be free indefinitely, but quickly changed their mind to make them free only until the end of the month.

Was it messy and unhelpful? Undoubtedly.  But it surely was not, as an article in The New Daily was headlined, “one of the greatest PR bungles in history.”

Compare it, for example, with genuine PR disasters such as United Airlines CEO Oscar Munoz claiming the passenger brutally ejected from one of his aircraft was “disruptive and belligerent.” The incident lost the airline $1 billion in market value. Or British High Street jeweller Gerald Ratner light-heartedly describing his own products as “total crap,” which led to the virtual destruction of the entire business. Or BP Boss Tony Hayward’s infamous plea in the wake of the Gulf of Mexico oil spill that he’d “Like my life back,” which the New York Times described as the “soundbite from hell.”

Regardless of the merits of the plastic bag issue, over-stated media analysis raises the obvious concern whether such hyperbole deserves any place in serious commentary on an important issue of the day. Moreover, it also leads to the more important question: Does such exaggerated characterisation of a reversal inhibit future willingness to pursue proper and appropriate important changes of policy?

As ABC commentator Julia Baird wrote recently: “We need to stop stigmatising public expressions of doubt or error – when they are genuine and not simply opportunistic – and instead welcome them as healthy and human. Have we abandoned the entire concept of evidence-based persuasion?”

American political editor Jamelle Bouie went even further, arguing that rather than maligning flip-flopping, it should actually be seen as a skill. “The best Presidents can use it to further their goals and take advantage of new opportunities,” he says. “The worst, by contrast, are doctrinaire and rigid – unwilling to move from positions they adopted under different circumstances, and resolute to the point of disaster.”

For examples of ‘change for the better’ look no further than the Australian Government which initially opposed an inquiry into the finance industry, then embraced its capacity to expose wrongdoing. Or Lyndon Johnson, who abandoned his career-long opposition to strong civil rights measures to pass the strongest such measures in history after he became US President.

The key here is to understand the big picture, not just the short-term headline or the cheap media jibes. Because, as Todd Purdom described in Vanity Fair, there are good flip-flops and bad flip-flops, just as there is good and bad cholesterol. What makes all the difference, according to Purdom, is knowing the difference between the two.

But for all that, we continue to call for change and then jeer when it comes. So, should an organisation or individual be able to change their mind on a major public issue without being accused of an opportunistic back-flip? Absolutely … provided it comes after real research, new information, changed circumstances and genuine evaluation of the options. But not, repeat not, if it’s simply a knee-jerk response to some social media criticism – albeit not exactly “one of the greatest PR bungles in history.”


Health data debacle and the need for trust in communication

It’s no secret that citizens don’t trust governments. Yet that lack of trust has seldom been so manifestly evident as when the Australian Government solemnly promised to safeguard the nation’s most intimate and personal health data.

The public rarely get the chance to exercise their distrust of government – except in the political framework of an election. But that opportunity arose recently with the start of a three-month period for people to opt out of My Health Record, a centralised registry of personal healthcare information designed to improve healthcare through better access to data by primary providers and researchers.

It was also an opportunity for issue and crisis managers to be reminded that effective communication demands a framework of trust, especially when dealing with real or perceived risk.

That was the challenge facing the Australian Digital Health Agency. The privacy and security threats were blindingly obvious from the start, not helped by a worrying catalogue of government data breaches, like when hackers offered Medicare Card details for sale on the dark web last year. As Ellen Broad of the Open Data Institute wrote at the time: “It just got a whole lot harder to trust government with our data.”

More recently, health data was hacked in Singapore, and the Australian Information Commissioner has just reported 59 data breaches in the healthcare sector in the last five months.

Little wonder that on the very first day of the opt-out window, more than 20,000 people got online to register their distrust in the system, despite the platform crashing under the unexpected demand. Moreover, distrust turned into shock when some people attempting to tell the government they did not want a My Health Record found they were among almost six million Australians who already have such a centralised file, most of them completely unaware.

Of course a high level of distrust is not new, is not just a problem for governments, and is not confined to Australia. The 2018 Edelman Trust Barometer – a global survey of 33,000 participants across 28 countries – showed that in Australia the four major institutions – government, business, the media and Not-For-Profits – are all now officially classified as distrusted for the first time since 2013, with some of the lowest numbers in the world.  The survey showed that trust in government at 37% is the lowest of the four categories. Edelman Australia CEO Steve Spurr concluded: “It is deeply worrying that a majority (56%) of Australians believe their government is broken.”

Criticism of the My Health Record project has been widespread – including from legal academics concerned about reliability and security, mental health bodies fearing potential discrimination if patient data leaks, and doctors worried data might be handed to police without a warrant. Soon the Government was forced to announce new protections.

This case is a good demonstration of how community and professional distrust can have a real impact on major public issues. And it also reinforces that trust is an essential prerequisite for effective issue management.

In 2016 the UK Government was forced to scrap a similar scheme to centralise records of all NHS patients because of inadequate safeguards. Dame Fiona Caldicott, Chair of the official inquiry into the failure, reported: “Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests. Citizens have a right to know how their data is safeguarded.”

The government then responded that it was vital full consultation and dialogue with the public and professionals takes place to establish that trust before implementation. As the Australian experience shows, the word ‘before’ may represent the difference between success and failure.


We’ve had a data breach. Let’s not tell anyone. 

It’s a basic question in the face of a data breach. Do we fix it and keep quiet? Or do we tell the world and risk the consequences? A major fuel company was recently confronted by this challenge, and their response and how they communicated it provides a worrying lesson for issue and crisis managers everywhere.

In November 2017 an unnamed person alerted New Zealand petrol company Z Energy that a “critical flaw” in its online fuel card system potentially exposed customer records, including names, vehicle registration details, where and when they bought petrol and, in some circumstances, even their home address.

Data breach reporting is not yet mandatory in NZ and the company decided to attempt a discreet system patch. However the anonymous customer later contacted them again, saying the so-called fix was “half baked” and data was still vulnerable. The company then took the system down, telling their 45,000 cardholders it was dealing with a “technical issue.” They subsequently told customers the site was down because “our technology experts have been building a new online portal.”

Then in June 2018, seven months after the initial report, and four months after the system was reinstated, it all began to unravel. The dissatisfied customer shared the story with local online news service Stuff Circuit, and the company response was disingenuous and unhelpful. “Yes, our Z Card Online system was taken down for a period whilst we made some improvements and changes. But it is now back up and running and we really don’t have any more to add on this.”

The reporters kept digging, and last month Z Energy CEO Mike Bennetts sat down for a videotaped interview. While confirming a vulnerability had been identified in November 2017, he insisted their experts found no evidence at the time that data had been compromised. Therefore, he argued, it was a vulnerability issue not a breach and there was no need to tell customers. However, when presented on camera with a screenshot showing data from his own company’s vehicle fleet account he conceded: “It certainly is a security breach.”

The whole case seemed to be captured in reporter Paul Penfold’s final question. “Doesn’t it seem extraordinary that you had a whole ‘war room’ and were consulting with all these experts, yet one member of the public was able to simply change an account number and a URL and get all this information?”

Bennetts replied: “Yes, certainly very, very disappointing and I apologise to our customers. As I said, sometimes these things happen . . . This is something that was missed on the way through and we are very sorry about that.” Hardly a convincing apology or explanation.

On the basis of the ‘new information’ presented, Z Energy – which provides about one third of New Zealand’s petrol – only then disclosed the breach to the market and the Privacy Commissioner. Yet a company spokesperson admitted to Stuff Circuit that the very same evidence had been emailed to the company by the original informant seven months earlier, when the CEO was out of the country. Involvement by the media “now meant we chose to deal with this differently.” The spokesperson added that the company did not want to keep quiet about the incident, but did so on advice. “We repeatedly challenged this counsel as it did not sit well with our values, but ultimately chose to follow the advice of our experts given our commitment to cyber security.”

The most charitable interpretation which can be put on this sorry story is that the company tried to conceal an apparent data breach; failed to advise the regulator in a timely fashion; created a misleading narrative for customers; seemingly didn’t keep the CEO fully informed; and finally came clean only when there was no other option. Compare this with the value proudly stated in the company’s latest Annual Report: “We’re committed to being straight up with journalists and the media. That means providing meaningful information, giving straight answers, and setting new standards of transparency in our industry.”  Great promise. Poor delivery.

Footnote: At the time of writing a Bill introducing mandatory data breach reporting is currently before the NZ Parliament.


Make like a Boy Scout, Optus. Be Prepared

The Optus World Cup online streaming debacle was undoubtedly an epic technical and reputational fail. But it is also a critical lesson in the need for well-prepared crisis communication.

When thousands of paying customers were shut out of the biggest sporting event on the planet, the telco got caught up in mixed messages, and never adequately explained how it happened.

Optus purchased exclusive rights to stream most World Cup matches and share the balance with free-to-air public broadcaster SBS. It was a bold plan to attract new paying customers to the Optus brand, yet it all went wrong from day one, with many viewers blocked by buffering and error messages.

While the public outcry was inevitable and predictable, the technical failure was compounded by clumsy crisis communication. The company blamed “an extremely high number of viewers logging into our platforms just before kick-off, causing some systems to overload.” Which raises the obvious question, why would it be a surprise that viewers would log in just before kick-off?

Then Optus seemingly allowed their PR Manager to make the rather baffling comment that the company did not skimp on its back-end infrastructure, and add: “I can absolutely guarantee that we did not under-cater in any shape or form.” However CEO Allen Lew clearly said it was a load issue and promised: “We should have done better, we can do better and we will do better. We will solve this problem by the end of this evening.”

Unfortunately it was a well-intentioned but ill-judged pledge, because the problem continued next day. In fact Mr Lew’s premature assurance was reminiscent of when Andy Penn, CEO of rival telco Telstra, followed up a nationwide outage in 2016 by boasting that a review of their network showed its “incredible strength and resilience” . . . just one day before his system crashed again.

Meanwhile, an Optus spokeswoman tried to spread the blame: “Some customers who watched the match on the Optus Sports app, on certain devices through other telco networks, experienced buffering issues.” However, every crisis manager knows that in the midst of a public relations disaster it is never advisable to blame someone else – even when it’s not entirely your fault. And an unnamed staffer from the company’s broadcast studio was later reported saying “sensationalist” media outlets had made the streaming issues “seem like the end of the world.”

After intervention by the Prime Minister, Optus agreed to share some matches, and later all remaining matches, with the primary rights holder and offered refunds to customers.

Commenting on the system failure, Mumbrella’s Tim Burrows observed that “Streaming is not a mature technology and it’s not easy to get right.” While that charitable conclusion might be true, we are not concerned here with the technical aspects, but with the muddled communication. Bear in mind that this latest debacle came less than a year after Foxtel Australia’s network crashed for the premiere of the new season of Game of Thrones and they blamed it on “unprecedented demand.” Managing Outcomes wrote at the time that “Unprecedented is a poor excuse for unprepared” and Optus seems to have learned little from what went before.

Crisis management is not just about how to respond when a crisis has already struck. It should also be about worst-case scenario planning, preparing in advance in case things go wrong, and having a good communication plan in place. There just may be an excuse for technical failure in a highly complex streaming environment. But there is no adequate excuse for not having effective crisis communication prepared and ready to go.

Footnote: Two weeks after the event, Optus took out newspaper apology ads admitting it was a “monumental stuff up.” Only time will tell whether that belated effort delivers any real upside.


Hey banks. No reputation campaigns . . . Please

Financial Institutions across Australia are enduring their worst reputational crisis for a generation, and there is every likelihood it will get a lot worse before it starts to improve. But now is absolutely not the time to launch some hopeful “reputation building initiative.”

Recent evidence at the Banking Royal Commission commenced to shred the reputation of banks, wealth management funds and other financial institutions. Then, within the space of a few days, the Commonwealth Bank agreed to a $700 million fine for money laundering – the largest fine in Australian corporate history – and criminal charges were laid against three major banks and six of their highest executives over alleged cartel behaviour to artificially inflate the price of ANZ shares.

There is nothing like the threat of prison to focus the mind, and right now the unprecedented collapse of reputation in the finance sector is doubtless triggering some long-overdue soul-searching in boardrooms across the country.

And it’s not just a crisis confined to Australia. Two of the banks facing criminal charges over the ANZ cartel scandal are major global players – Citigroup and Deutsche Bank – while a third global organisation, J.P. Morgan, reportedly avoided prosecution by blowing the whistle on the deal.

At the same time, the reputational crisis engulfing Australia’s banks has had another immediate international impact. Westpac lost top spot as the “world’s most sustainable bank” (as measured by the Dow Jones Sustainability Index) and the other “big four” also dropped down the rankings.

It’s doom on all sides – and the Banking Royal Commission has many months of expected damaging evidence still to come. In the face of this onslaught it’s a sure bet that some worried executives are asking: “What can we do to restore our reputation?” But in the midst of a continually unfolding crisis it’s the wrong question. It should be: “What can we do to change our ways and perform better?”

The fundamental problem is not reputation as such. It’s years, maybe decades, of bad behaviour which is now coming to light and having a very predictable effect. The public are looking for tangible evidence of improvement, not platitudes and promises. And a feel-good reputation campaign just won’t cut it. Look no further than the recent Bankers Association advertising campaign on the theme “Australian banks belong to you” with the message “Profits don’t belong to the banks, they belong to everyday Australians like you.”

That all sounds rather hollow when financial institutions are admitting in evidence before the Royal Commission to long-standing policies and grave mistakes which sometimes drove those same “everyday Australians” needlessly into bankruptcy and ruin.

Crisis managers everywhere ought to know the difference between branding and reputation. Branding is what you say about yourself. Reputation is what other people say about you. Reputation derives from how you behave and how it’s perceived, not from clever image-building and not from promises about what you plan to do. In other words, honestly address the bad stuff first and reputation repair should follow. As the saying goes: You can’t communicate your way out of a problem you’ve behaved yourself into. Moreover, we know from research that the credibility of business is low, and falling, and self-serving messages from big businesses during a reputational crisis are not likely to succeed. They may even backfire.

Way back in 1845, Henry Mayhew penned a famous quip for Punch: “Advice to young persons about to marry – Don’t.” To paraphrase this Victorian witticism: “Advice to bankers about to suggest an image-building reputation campaign – Don’t. Please.”


Crisis? What crisis? Why recognition is critical

Every organisation should know when it’s facing a crisis. Sadly, it just ain’t so, and that can be a major problem.

With the football World Cup about to begin, consider the notorious case of former FIFA President Sepp Blatter. When football’s governing body was accused of corruption way back in 2011, he famously responded: “Crisis? What is a crisis? We are not in a crisis, we are only in some difficulties and these difficulties will be solved inside our family.” Four years later, facing renewed allegations, Blatter was finally forced to resign.

A critical role for leaders is to define reality, including whether the organisation is facing a crisis. This is a genuine skill, and it requires judgement, leadership and honesty. Yet some senior executives will try to emulate FIFA and deny that a crisis is threatening or has already happened.

It’s understandable that executives may be reluctant to declare a crisis and prefer to claim that everything is under control. Maybe it’s ‘justified’ by a desire to protect the share price or to avoid damage to reputation. But as British crisis expert Jonathan Hemus has written: “You can only begin to rebuild your reputation if you recognise you have a problem. Denial is the enemy of crisis management.”

Unfortunately it is not as simple as it seems. A crisis is pretty easy to recognise when it’s triggered by an emergency or major incident, such as a fatal mine accident or infrastructure failure or transport disaster, or warehouse fire or a product recall.

However, it’s much harder to identify when an ongoing or slowly developing problem has the potential to become a crisis, or maybe already is a crisis. Sometimes this is called a creeping crisis, such as repeated computer security breaches, persistent management misbehaviour over time, or a growing tide of customer complaints.

Take for example the infamous Ford–Firestone crisis, when more than 200 deaths were attributed to tyre failures, over half of them involving Ford SUVs. Ford CEO Jacques Nasser admitted before a Congressional committee that, despite replacing tyres overseas, Ford held off taking action in the United States “because review of its various databases assured the company there was not a problem here.” The databases might have suggested “not a problem here,” but the eventual result was one of the largest tyre recalls in history.

Or consider the Vice-President of a French airline following a plane crash which killed 87 people. Crisis authority Christophe Roux-Dufort says that, based on the fact that the morning after the accident the level of seats reserved on their flights had not changed, the airline executive asserted that it wasn’t a crisis at all.

Two separate forces are at play when senior managers attempt to deny there is a major problem. The first is a bias towards optimism – the assumption is that nothing can go wrong and success is sure to continue. The second force at play is wilful blindness – when top executives don’t or won’t hear bad news. What’s needed is open, blame-free, upward communication. In the wake of the famous Pentium chip recall crisis, Intel boss Andy Grove observed that “most CEOs are in the centre of a fortified palace.” He said he had been one of the last to understand the implications of the crisis.

Yet it shouldn’t be like that. The reality was captured in one of the most important early books on crisis management when Steven Fink wrote: “You should accept almost as a universal truth that when a crisis strikes it will be accompanied by a host of diversionary problems. As a manager, your task is to identify the real crisis.”
