More large companies are navigating public crises than ever before.
It’s not just a matter of more companies on the landscape (there are) or of a particularly divisive outlook on the business cycle (there is). The numbers are real: According to McKinsey & Company, a metric for judging how many companies are going through rough water has almost doubled since 2010.
The whys behind the trend are as varied as the crises themselves. Although activists and journalists often look for a pat narrative when pride goeth before a corporate fall, there’s no template to the rise in troubles. For example, companies pay out more in large U.S. regulatory infraction fines and settlements than ever before — a near quintupling between 2010–2015, to nearly $60 billion per year. But many corporate missteps are well afield of mere regulatory action or other events driven by the government.
Corporate risk profiles are changing
While there’s no pattern, several macroeconomic trends, societal changes and competitive pressures mean it’s prudent to reassess and update corporate risk profiles:
Complexity boosts productivity and often profits, but often at the cost of fragility. A new vehicle likely includes computer controls programmed with more than 150 million lines of computer code. Goods travel thousands of miles through supply chains that comprise multiple intermediaries and multiple jurisdictions. The rise of e‑commerce has concentrated hundreds of billions of dollars in GDP on the ongoing health of a relatively small number of large data hosts and logistics companies. And while none of those are bad business practices, they are all examples of evolving risk that should be part of crisis assessment, planning, response and recovery processes.
All the fuses have grown shorter. Social media has always placed more value on being first than being right; increasingly, personnel- and cash-strapped newsrooms are forced to make the same choice. A crisis that once generated a single bad news cycle before management and their crisis counsel could get their arms around it is now an instant social media event, racking up thousands or millions of views before traditional media even begin to report. And, like everything else on the internet, these social-first crises live forever online.
Everyone hates everyone else. Overstatement? Not by much. Studies of affective polarization show that political party affiliation — once a significant but by no means overwhelming factor in citizens’ civic lives — has grown into a strong, nearly tribalist ingroup/outgroup identity that impacts preferences and decisions that have nothing to do with politics. Companies that work extraordinarily hard to avoid political issues can find themselves dragged into public debate. Similarly, organizations choosing sides no longer have the luxury of only deeply activist customers caring about their actions, or the comfort of believing politics will wane when election season ends.
Worrying about crisis, but not doing much about it
Against this backdrop, why aren’t organizations rethinking their risk exposures and responses?
It’s certainly not for lack of worrying. In a 2011 study, nearly 80% of business decision makers feel they are less than 12 months from a crisis, and nearly 60% have experienced a crisis in their current or previous company. But that same study revealed that only slightly more than half of the surveyed organizations have a plan in place. Indeed, among those without a plan, the rare need for it and the difficulty of set-up and management were cited as top reasons for the gap.
Even among small and mid-sized enterprises, the majority of crises reported cost the company more than $500,000 — a number that can scale up into the billions for a large company recall or an episode that shakes investor confidence in a stock.
Faced with both this reality and clear evidence that crises are more prevalent than before, why aren’t organizations doing more and better planning?
Crisis and resiliency: management disciplines, not just communication specialties
Search Google for “crisis preparedness” and nearly 400,000 results show up. Most of the top results have to do with crisis communications — an important factor in crisis preparedness, but hardly the only one.
This public trove of opinions and sales pitches affects the larger ecosystem of crisis response. Executives at small and medium-sized companies have less exposure to full-spectrum crisis preparedness that approaches the issue for what it really is: A strategic management challenge. One that covers communication, yes, but also operational and financial planning, personnel, proactive monitoring and restoration for the road back to normal performance.
Best-practice crisis planning isn’t just about what to say — or not say. Well-prepared companies typically plan in five areas:
Evaluating and regularly reviewing possible scenarios. This looks at first glance like the low-hanging fruit of crisis preparedness — even marginally competent executives have a general idea of potential threats to ongoing operation. But there’s a night-and-day difference between informally blue-skying possible problems and rigorously approaching their likelihood, impact and mitigation. A viral customer rant on Facebook, product-delivery interruptions from a key supplier and a loss-of-life incident are utterly different scenarios; putting them all in the same general bucket of possible crises with the same general response borders on management malpractice.
Creating operationalized crisis-management responses that include all appropriate functional business areas. A truly operationalized plan of response allows managers deep in the organization to know what’s expected of them in a crisis, how to respond and — this is key — to do so with a measure of practice and confidence. Across every industry and imaginable black-swan event, the key to consistent operational response lies in training. Flavius Josephus was onto something nearly 2,000 years ago when he said of the Roman military: “Their drills are bloodless battles, and their battles bloody drills.”
Understanding the financial impact of those scenarios and determine reserve needs or other resiliency measures. Measures to provide short-term liquidity and navigate choppy financial waters should be known and available, with clear executive decision trees to their activation. Exposure to activist-shareholder issues should be understood as well, along with countermaneuvers. Contractual steps — such as “cooling off” periods in supplier contracts that avoid immediate changes in the terms of their accounts receivable, can offer extra protection and may be put into place long before a crisis occurs.
Monitoring relevant issues and providing a clear path for early escalation. Most externally-driven crises start as events that, effectively handled early on, didn’t have to turn into a dumpster fire. Early warning systems, in the form of personnel empowered to quickly escalate issues to resolution as well as third-party tools to monitor traditional and social media, are a form of insurance against small problems becoming major events.
Formalizing restoration efforts so focus can return to the core business as quickly as possible. There’s a temptation among some management teams to let the dust fully settle after a crisis before turning attention toward a new strategic foothold or brand repositioning. That’s a mistake — the delay may mean the market has left them behind. Whenever possible, moving on should begin immediately after stabilization of the immediate crisis.
Winners, losers — and not a lot in between
Today’s crisis environment is qualitatively and quantitatively different from what most leaders have ever experienced. A combination of changing business practices, societal shifts and instant amplification leave companies operating in territory that looks familiar, but hosts distinctly different risks just below the surface.
The net effect for most organizations? The semi-safe middle ground occupied by organizations with a basic level of crisis planning in place, or that operate in spaces where crises are thought to be less likely, is eroding. In the future, there will simply be the prepared and the unprepared, the latter carrying an unseen toxic asset on the organization’s balance sheet.
The data is clear: Most companies will endure a crisis at some point, most crises are expensive, and they are growing in frequency. Against that backdrop, crisis-response planning is no longer optional; it’s a core — and for some organizations, existential — management function.