As trade becomes increasingly global and dependence on digital technology increases, the potential for disruption is rising exponentially. Risks are becoming more complex and more connected, and it’s no longer just major organisations or cities that are at risk - events can happen anywhere, at any time.
Threats, such as terrorism, political violence, kidnap and ransom, cyber risks or product recall can cause serious operational disruption, financial loss or adverse publicity that can impact your organisation and its profits. That’s why it’s important to understand crises and the steps you need to take to manage them.
The British Standards Institution (BSI) defines crisis as an “abnormal and unstable situation that threatens the organizations strategic objectives, reputation or viability" and crisis management as "development and application of the organizational capability to deal with crisis". While you may have an incident response plan, incidents are usually something which can be predicted in advance and can be resolved quickly before long-term or permanent impacts occur. Crises, on the other hand, are unique or unforeseen events and can have dire consequences for your organisation. Failure to respond to a crisis in the correct manner could potentially cripple your organisation and, as this is not something which is part of day-to-day management, you will need to allocate the time and resource to introduce a crisis management plan.
Research undertaken in 2017 by Gallagher, in conjunction with YouGov, shows that UK companies are keenly aware of the need to build a culture of crisis resilience against the main threats their organisations face, but managing and responding to security threats like cyber extortion, terrorism and emergency repatriation is easier said than done. These incidents are low frequency but high impact – increasingly causing damage to brand and reputation, as well as financial loss and personal injury or loss of life.
The key to a successful crisis management plan is to start as early as possible and have a clear strategic direction including clear communication, effective leadership and a detailed record of all decisions taken. Companies need to shift their mind-set and take a comprehensive approach to building effective resilience aligned to four key pillars of activity: ‘Anticipate, Prevent, Respond, Recover’.
This guide practically outlines certain key principles in the Airmic ‘EXPLAINED: Business Continuity Management’ guide, BSI standards publications – ‘BS65000: Guidance on organizational resilience’ and ‘BS11200: Crisis Management – guidance and good practice’ as well as Airmic's ‘Roads to Resilience’.