According to research by The Conference Board, U.S. CEOs and C-suite executives rank cybersecurity their number one external concern for 2019. How many of those CEOs have asked their teams, “what’s our plan if that happens to us?” Or better, “What’s our plan when that happens to us?” Too few companies have that plan in place. If you’re a CEO or C-suite executive of a fast-growing company, you’re likely focused on attracting the best talent, raising another round and meeting revenue targets. Planning for a crisis, that may or may not happen, is likely not top of your list.
In my experience, few companies put in the advance work to prepare for inevitable issues. First, because they have pressing priorities and the likelihood of a crisis seems low; second, because planning for an unknown crisis seems daunting. How can you plan for the unknown? Here’s a secret: a little thoughtful planning can go a very long way in helping a company respond to the inevitable, and can save the company from significant financial, legal and regulatory ramifications.
Don’t let perfection get in the way of progress. Take some meaningful, but easy steps to ensure your brand can withstand an unexpected issue:
- Identify a Crisis Response Team. Identify an operational leader who can mobilize resources across the organization when needed. Add to the team key leaders across the business, with representatives from communications, legal, HR, IT, security, customer success, etc. Assign the team leader for driving next steps.
- Prioritize a few key issues. Let this team brainstorm the issues the company has or is likely to face. Consider different types of issues (physical, financial, natural disasters, HR, reputational and yes, psychopathic). It’s important to have a wide lens on these issues but pick a few that keep you up at night—the scary issues you know would have significant impact to your brand and may be bubbling near the surface. Some of these issues will be operational in nature – preparing for a service outage for example. Planning for these situations requires contingency and continuity plans in addition to communications plans, but this process of identification and prioritization will help illuminate gaps of that nature.
- Develop communication playbooks. Use the crisis team to develop playbooks for responding to these 2-3 issues. Bring in external support if you need it, but make sure there’s a plan and accountability for getting this done. Key elements of the playbook include:
- An overview of the issue and how it would likely surface inside or outside the organization
- Outcome goals and strategies
- Key stakeholders and concerns
- Organizational processes (decision making and escalations)
- Draft scripts that will allow the business to respond quickly
- List of external advisors and resources that can be called upon
- Prevent the preventable. Through this process, your team will inevitably identify situations that can be avoided. Empower them to make decisions that are aligned with the business’ core values and avoid unnecessary crises. If cybersecurity is your number one threat, then make the necessary investments. If you’re afraid your board is too white or too male, then start recruiting for diversity. If HR is dealing with multiple complaints about an employee, then take necessary action. Remember – when you or your company find yourself under scrutiny for any issue, you will be judged much less harshly if you can demonstrate the company’s good faith efforts.
Need more convincing? Harvard Law School published an excellent article about the role of Boards during crisis. If you’re an executive of a company – public or private – I recommend you read it. The article is about a year-old, but the content and advice are timeless.