Preparing for Tomorrow’s Crisis Today
By Francisco Mateo, CPP, CFE
Security practitioners strive every day to be effective leaders. From managing security staff, coaching, and problem solving to maintaining strategic focus and meeting financial goals, the security practitioner has to lead from the front. Crisis leadership also offers a unique opportunity for the security practitioner to shine and add needed value to the organization. The security practitioner is uniquely qualified to lead before during and after a crisis situation.
Crisis leadership is not an easy task. We’d need to demonstrate to other qualified business leaders that our skills are suitable to direct these efforts most effectively. It takes prescience and preparation to achieve a high level of response.
Reacting to unforeseen events is a costly approach and the results can’t be guaranteed. The security practitioner with the right skills set can offer a better way, like planning for incidents well ahead of their occurrence. It requires taking a long term view of events, addressing systems, stakeholders, and procedure requirements before and during the crisis life cycle.
What would you consider the worst case scenario?
- Workplace violence
- Product recall
- Severe weather
- CBRN Incident
- Expropriation of assets
The list can go on and on, but you get the idea. The common threat between all of these events is that they all required a tiered approach starting with crisis risk analysis and prevention strategies.
The best way to avert the worst impact of a crisis is to prevent it from occurring; both the organization and its leaders need to be counterintuitive. That means that you’ll need to go against the grain of conventional thinking regarding catastrophic events to beat out complacency and fatigue.
Among the security practitioner’s traits most suitable for crisis leadership are:
- Instructor and ability to coach diverse audience
- Team-builder; ability to recruit and keep talent
- Life-long learner
- Real world experience in diverse industries
- An inquisitive mind
- Ability to earn respect from peers
- Passion and solidarity
Adding the security practitioner’s knowledge, effort and skills would greatly benefit any organization’s crisis team. I would reinforce here that if your organizations have the foresight to prepare for disastrous events, it “doesn’t mean they’re fatalists. Rather, it means they understand their fiduciary responsibility to protect their employees in every jurisdiction, their duty to think about how they could deploy aid to expatriates and their families living abroad….”
Assessing Crisis Risk
Before planning gets on the way the crisis team, with its leader at the helm, would assess what catastrophic events the organization realistically faces. Below are the top ten issues to consider:
- Threats against individuals
- Major fire or flood at key facilities
- Power failures and utilities and sustained loss of utilities
- Pandemic flu sweeps across a region where your enterprise operates
- Bomb or bomb threat at your facilities.
- Terrorism specifically aimed at your company, people and facilities
- Terrorism (not aimed at your company) in a region that disrupts business travel, product shipment or port functions.
- Exposure to a product recall
- Alleged compliance violation
- Geopolitical instability in core markets disrupts supply chain
- Sole source provider is destroyed or impaired
- Major currency issue causes significant devaluation (20% or more)
- Community protests by residents or union activist.
- Organized boycott of company
- Competitive intelligence threat. Theft of customer/financial/data design.
- Widespread counterfeit product and/or adulteration.
If plants produce great products free of defects; if a business traveler practiced caution in hotspots; if we took an all-hazards scenario planning approach to natural or man-made disasters; etc., we wouldn’t need to focus on crisis management. The fact of the matter is that we are mostly reluctant to accept these deviations from the norm; therefore, we must come to grips with the fact that preparedness is everyone’s responsibility.
One way the crisis leader can guide the team to effectively prepare is by:
- Collecting and screening information and evidence
- Understanding and evaluating the different risk scenarios
- Deciding what actions would be taken during a crisis event
- Achieving controlled outcome
On that last point, it’s obvious that to achieve a controlled outcome the crisis team would need influence over the message communicated to the general public regarding the event, as well as external decisions made to guarantee public safety. For that matter the crisis team has to ensure good relations with the media and local authorities.
The security practitioner as a crisis leader would need to add a new skill to his/her toolkit, such as strategic communication. There are many pitfalls in crisis communication; thus most “executives are largely uncomfortable with crisis communications.” For that reason the crisis leader should defer to internal/external communications expert within the team
Let the following questions frame your crisis communications plan:
- What do we know?
- When did we know it?
- What are we going to do about it?
What does the “roadmap for effective crisis communication” look like?
- Verify facts with pre-assigned subject matter experts
- Prepare a brief statement for you phone operators
- All media inquiries should be directed to appropriate spokespeople
- Communicate known facts to employees first
- Consider that each stakeholder may have unique crisis communication needs
Knowledge and skills for Crisis Preparedness and Management must be kept permanently up to date. Remember that a sustainable crisis management position calls for:
- Training crisis management teams
- Fast and efficient communication flow
- Globally consistent crisis system
- Clearly defined procedures and role
Once the crisis team has established the crisis scenarios; identified the stakeholders and defined internal/external lines of communication, it’s now time to rehearse. It is the crisis leader’s responsibility to set up table-top exercises and other crises simulations. Since crisis are very rare events the stakeholders need to refresh their recollection in order to keep the skills top of mind. At the same time participation in drills helps to maintain contact data and other aging information relevant.
The crisis leader should also focus attention on the events after-action during the planning and test process. Both the post event review and root cause analysis provide the leader with a process of continuous improvement by critically reviewing performance; updating procedures, as well as seeking a timely answer to the question of why the crisis happened. These are key questions that the crisis leader should explore if he/she wants to avoid making the same mistake twice and be able to share the experience with all relevant parties.
Dr. Laurence Barton, crisis leadership expert, in his book “Crisis Leadership Now” reminds us to “don’t run and hide from crisis preparedness. There’s hope. Your organization has you, and you can also groom and hire talent that has experience in risk and crisis management.”
Lastly, remember that good crisis preparedness is the prerequisite for crisis prevention and management. It ensures that businesses provide an acceptable level of service to employees, clients, customers and other business partners, regardless of what devastating events may occur. The crisis leader and his team should give their best and be prepared for the worst.