Measuring the Hallmarks of Crisis Leadership
Are you an effective communicator? Good at delegating tasks? A calming presence even during challenging times? Then congratulations—you have all the makings of an excellent crisis manager. But these talents alone will not produce a good outcome during an incident.
“Good crisis leadership happens when you plan for it,” says Lisa Zarzycki, director of corporate security for Daimler Truck North America, one of the world’s largest commercial vehicle manufacturers. “It is imperative to have a team in place that understands their role in crisis could be different than their daily line role.”
This goes beyond just the boardroom or the C-suite—preparation is key at the site level and frontlines as well. Zarzycki works in conjunction with the rest of the business to ensure that crisis management plans exist and are trained for at all sites and the corporate level. The corporate security team is strategically located throughout the United States and Mexico, so they regroup twice a year for crisis management exercises, and they go onsite to major locations to conduct hands-on training.
“As we are a small team for the number of locations that we have in North America, it is imperative that each of us can pick up the ball as needed,” she says.
Crisis response comes in two phases: acute and long-term, says Scott Fischer, CPP, CISSP, senior manager of global security for James Hardie Building Products, Inc. Acute responses are the immediate reaction of the organization to protect employees and infrastructure, but those are usually temporary bandages, not viable business solutions. Over the long-term, organizations will need to determine how to shift their responses from acute to more sustainable operations that align with strategic business priorities.
Some organizations might doubt the need to include security in aspects of crisis response beyond the acute crisis response—when life safety is a priority—but security leaders are in a unique position to help with many types of hazards and challenges.
“Security leaders typically have experience working under pressure and responding to crises, making them a valuable resource to any organization,” says James Mehta, chief security and compliance officer from Acuity International, a contractor that performs services for governments worldwide. “Frequently, a crisis involves threats to the business or its people whether from a natural disaster, terrorism, or workplace violence. Security leaders are comfortable dealing with routine threats and identifying the steps to eliminate or reduce those threats. Not all leaders have this experience.”
Zarzycki concurs, noting that, “As security works across business lines and across corporate functions, we are in the perfect position to be the liaison.”
“In addition to basic crisis management skills, security leaders bring their knowledge of the business, their soft skills in terms of negotiation and organization and their ability to see the bigger picture,” she adds.
This does not mean that security needs to lead crisis management teams, however. Mehta explains that during Acuity’s preparations to evacuate from Afghanistan in 2021, he served in a supporting role within the team. “I supported my decision maker the way I would want to be supported if I were making the decisions,” he says. “I set a daily operations tempo to track open actions and decisions, identify and include the right stakeholders from around the world, and anticipate emerging needs. Facilitating this rhythm through a daily briefing simplified information sharing and kept all stakeholders informed.”
While Mehta’s background is in the public sector—having spent 28 years in the U.S. Air Force—he believes leading through a crisis in the private sector requires the same skills and attributes. “The environments are different, and certainly, the cultures are different, but the universal qualities of leading an organization during a crisis are the same,” he says. “Leaders in both situations need to trust their people, be decisive, and communicate effectively.”
During a crisis, the importance of frequent and concise communication cannot be exaggerated, Fischer says.
“You have to keep people informed but not overcommunicate beyond what’s needed,” he adds. “Especially with senior leaders, you need to communicate in three to four sentences, or bullet points, to say, ‘here’s the update,’ and keep it at that. Then keep those updates flowing so that they stay plugged into the situation.”
“During a crisis, it is critical that senior leaders are engaged with their team, decisive, and communicate clearly,” Mehta says. “Being engaged doesn’t mean the leader has to do everything themselves, but it requires them to trust their team to gather the right information, bring in the right partners, and make recommendations.”
He continues, “The leader will never have enough information, but crises usually demand immediate decisions. Clear communication is vital during the chaos that naturally occurs during a crisis. This works both ways as information flowing up to the leader must be accurate and the leader’s decisive action directing the team must be clear and unambiguous.”
For example, the COVID-19 pandemic affected operations globally for Daimler. So, the company activated regional and business line crisis management teams—led at the international level—which would waterfall information throughout the organization to inform better decisions during the crisis.
“Working with our pyramid model of local at the base, regional in the middle, and corporate at the top, information flowed up and down throughout the organization with regularly scheduled virtual calls and meetings,” Zarzycki says. “This information sharing was critical to ensuring that risks were mitigated and strategic goals were aligned. Because the [crisis management teams] are usually led by the CEO or location manager, the top levels of management were engaged and able to make decisions in the best interest of the company and the team members.”
This can become a bit of a balancing act, especially if an acute crisis becomes a long-term challenge, Fischer says. During a short-term crisis, the management team might surge resources and host twice-daily calls to update stakeholders on the situation. But crisis management leaders should constantly reassess what the organization needs.
“You have to adapt to keep the team running and everyone engaged,” he adds. While at the start of a crisis, the entire organization may be ready to jump to attention and a crisis management team might have 12 people on daily calls, but that level of engagement is unlikely to last as priorities shift. As the organization comes to grips with the situation, people are likely to drop off of daily calls, and perhaps the crisis manager could shift to a daily email or a weekly. The goal, Fischer says, is to “get the right cadence for the right crisis and establish and maintain it, then you adjust as necessary.”
The best incident manager is not an incident responder, Fischer says. “You can get pulled into doing stuff, and you’re so busy doing stuff that you’re not managing it.”
But part of delegation is preparation—second-level leaders and deputies will not be ready to step into emergency roles unless they have been trained, supported, and encouraged to learn.
People often forget to delegate as we move up, but the more you embed people in day-to-day interactions, the more prepared they are, Fischer adds. Second-level leaders can be given larger roles and responsibilities on both blue-sky days and during incidents to boost their confidence and experience to take charge if needed.
“Leaders must always train the next generation of leaders,” Mehta explains. “This is vital not only for the organization, but also for second-level leaders to grow as individuals and be ready to take over tomorrow. Today’s leaders can help these emerging leaders grow and develop by sharing with them their experiences and thought processes, especially during a crisis. Leaders also need to empower this next generation by giving them opportunities to make organizational decisions. A good example is to allow second-level leaders to make real decisions when the leader is on PTO. This gives everyone—the leader, second-level leader, the team, and even the organization’s most senior leaders—confidence in those second-level leaders’ ability to do the job and trust in them during a crisis.”
Security teams are often small and overcommitted, though, so when a crisis puts additional pressure on personnel, security leaders will need to be blunt about bandwidth, Fischer says. If one security manager out of a team of three is dedicated to a crisis response, that significantly reduces the team’s ability to handle other tasks.
“You have to be able to call on different resources—even if they’re not in your department, if they’re external to the company, or if you can pull in other functions to say ‘Hey, I need somebody to help me with this,’” he says. “If you have people with different strengths, you can have people take on different tasks for you.”
It’s almost a cliché that after a crisis hits, security managers’ and business leaders’ email inboxes are inundated with sales pitches for new products and services that allege that they would have helped the organization avoid the whole ordeal. A good crisis leader will be able to bring existing resources together, get people talking, and keep people calm enough to logically evaluate the organization’s genuine needs and budget.
Calmness is tied to budget, Fischer says. “We have to spend something to do this, but we don’t have to spend everything to do this.” Looking at past incidents, current risks, and business priorities will help crisis responders take a breath, step back, and make practical decisions, he adds.
“Exercises and simulations are essential but are artificial by definition; there is no substitute for the real thing,” says Mehta. “Networking, learning about other parts of the organization, and being open to multidisciplinary solutions are also important for responding to a crisis.”
He recommends volunteering to participate in both exercises and real crises. “We all learn from experiencing both successes and mistakes,” he says. “As leaders, prepare by staying knowledgeable on the security situation in the countries your organization operates within so you can anticipate when a crisis may be brewing. Also, volunteer to review and update your organization’s crisis management plans so you are aware of standard operating procedure. No crisis will follow the ‘plan,’ but it will get you thinking about what is needed and what you would do in a crisis.”
In addition, Zarzycki adds, “Don’t get tied up on the type of crisis. Whether it is an act of nature, a pandemic, or cyberattack, the important thing is to have a team in place that knows their role in a crisis and is prepared to make quick but good decisions with the information that is available. Make sure to document the information that you have and the decisions that are made. This is critical not only for continuous improvement but also for covering your bases.”
Claire Meyer is managing editor for Security Management. Connect with her on LinkedIn or email her directly at [email protected].