Skip to content
Menu
menu
illustration of a man in a business suit running in front of a giant stopwatch

Illustration by iStock; Security Management

Strategies for Success: Preparing Practical Crisis Response and Resilience Plans

It is human nature to fall prey to optimism bias—the belief that bad things are less likely to happen to you. It’s also a dangerous trap for corporate executives.

Blindly trusting outdated resiliency plans to suffice in the event of a modern-day crisis can leave companies exposed to unnecessary risk. While standard resilience plans may have worked three decades ago, they simply don’t keep businesses and their employees safe in today’s world. Every second is precious in a crisis. Failing to prepare and adapt in advance wastes crucial time when it matters the most. Business leaders must prepare and practice streamlined crisis response plans that are tailored to today’s threat environment and adaptable to any situation.

Typical resiliency plans, while full of excellent material and data, are ultimately useless in their current form. Hundreds of pages of expert analysis from a consulting firm cannot be deployed quickly in a crisis scenario. Since decision-makers often don’t have the time to read and absorb the information during regular operations, the books end up collecting dust instead of informing a response to any given crisis.

Personnel turnover exacerbates this issue, as new executives rarely have the time to read these dense volumes either. It would take hours to sift through the information to identify key points, such as response paths, key roles, and available assets. These are hours leaders don’t have to spare.

Speed is paramount in a crisis. For example, if an employee with high-level access is in a car accident in Germany, their technology must be promptly locked down before sensitive, unsupervised information falls into the wrong hands. Or if an earthquake in Tokyo, Japan, traps employees, immediate action must be taken to locate them and get employees to safety. If a cyberattack has downed operations, every second before a system is restored is a loss in revenue and brand trust. In every instance, seconds and minutes are precious commodities. At the same time, few people make their best decisions while stressed and rushed. It’s all too easy for executives to become paralyzed in the moment by the fear of making an imperfect decision due to incomplete information.

Working Faster

Resiliency planning is a team sport. Each division lead within a company—the CSO, CIO, HR director, and others—must know their role in a crisis so that they can act immediately. It’s critical for companies to have a basic crisis playbook that can be overlaid with a customized response, factoring in the variables of each emergency, such as location, terrain, and the number of employees involved.

Although excellent in concept, 300-page resiliency plans mire decision makers in an overload of information. Condensing them into an actionable 15 to 25 pages allows decision makers to quickly access and digest the necessary information while under stress.

The first five pages should consist of templates that lay out the common components and phases of crises—such as kidnap, ransom, and extortion (KRE), as well as cyberattacks, medical emergencies, or natural disasters. This includes responses to when a warning is issued and there is a loss of communication and restriction of movement.

The following 10 pages should then outline a basic overview of the key people, questions, and responses involved in addressing each major scenario. This document serves as a playbook, providing the basic formations that executives can then adapt to each specific situation. Compressing hundreds of pages into a simple, uniform, and intuitive format moves must-read information to the forefront.


Blindly trusting outdated resiliency plans to suffice in the event of a modern-day crisis can leave companies exposed to unnecessary risk.


Working Smarter

Instead of being suddenly confronted with a host of high-stress decisions, business leaders can use the available information on terrain, assets, resources, and safe zones to quickly work through a decision tree and come to an actionable conclusion. This allows them to move expeditiously, knowing that their legal, operational, and communication needs are being met simultaneously.

Without these guardrails, fear sets in. Doing the basic analysis ahead of time will create a clear course of action and lessen decision paralysis when the crisis arrives. The key to surviving a crisis is keeping the organization focused and moving by making the best possible decisions in near real-time.

Too often, businesses assume that their insurance will cover a crisis. However, most insurance policies do not cover warzones, terrorist attacks, or natural disasters—meaning that executives could be unpleasantly surprised by their lack of assets during an emergency. So, the next step in preparing for resilience is working through the template to identify which responsibilities can be filled internally and which will require a vendor.

Working through questions about vendors’ capabilities and limitations is essential to being well-equipped for a crisis. Businesses must ask practical questions, such as whether vendors will negotiate with hackers, if they know how to pay using cryptocurrency, and who would be responsible for delivering the ransom in a kidnapping case. Forming relationships with vendors through regular meetings and tabletop exercises before a crisis develops will build the trust and understanding that yields quick results when disaster strikes. The 15- to 25-page document should contain a comprehensive list of vendors’ names, numbers, and email addresses, as well as which situations they will act in. Knowing exactly when and how vendors will act sets the entire crisis response team up for success.

Crises are happening with increasing frequency, but they don’t have to become catastrophes for corporations. Although it’s impossible to fully anticipate the details of a crisis, establishing a basic framework that can be customized to each individual emergency will go a long way in ensuring an effective response. Like a team using a playbook, corporations must prepare their responses in advance so that all personnel understand their role in crisis response, allowing organizations to quickly deploy the correct assets, personnel, and vendors.

 

Dale Buckner is the CEO of Global Guardian, a global security firm based in McLean, Virginia, USA, that provides its clients with access to a comprehensive suite of duty-of-care services.

arrow_upward