Business Leaders Are Overconfident in Their Organizations' Readiness for Disruptions
A survey of more than 300 U.S. business leaders found a disconnect between executives’ confidence in crisis readiness and the reality in how major disruptions are handled.
While every respondent said that their organization was proactive when it comes to crisis planning, 93 percent admitted that the organization missed red flags of pending crises or disruptions. Almost half of respondents (48 percent) agreed that their organization’s leadership team is often surprised by market shifts and external pressures.
The types of potential crises that senior leaders felt most unprepared for included cybersecurity threats (48 percent), AI-driven misinformation (46 percent), geopolitical instability (45 percent), and financial market instability (42 percent), according to a press release from Crisis24. The survey was conducted between 3 February and 18 February 2026 by The Harris Poll on behalf of Crisis24.
Though the survey preceded the start of the military conflict between Iran and Israel and the United States, geopolitics was still a top concern for C-level executives.
Seventy-nine percent of respondents said that recent geopolitical events were forcing their company to reconsider its current crisis management strategy. Another 45 percent said they felt underprepared for geopolitical instability, and 26 percent said they had high or severe anxiety when it came to such instability. Of those who reported a high level of anxiety, 81 percent agreed that it directly impacted their strategic decision-making.
But it’s not just military conflicts that have given leaders pause in recent years. COVID, worker strikes, supply chain disruptions thanks to natural disasters and wars, and much more have shaken up norms and forced businesses to increasingly rely on resilience and the ability to adapt—and to do so quickly.
“A conflict halfway around the world can have a direct economic implication almost instantly,” Thasunda Brown Duckett, chief executive for investment firm T.I.A.A., told The New York Times.
In a November 2025 article for Security Management, Youssef Kchiere, CPP, stressed the need for geopolitical awareness in response to instability, citing it as an “essential tool” that can support an organization. “By emphasizing the interconnected nature of risk, geopolitical analysis applied to the risk domain holds the promise not only of breaking up established silos around different areas of expertise but also of building consensus around the perceptions of the risk, the integration of treatment measures, and the formulation of opportunities,” Kchiere said.
Businesses that are resilient to geopolitical instability can see beyond reactions and remediations to the opportunities in the disruptions. “Priorities no longer conflict when risk management—at different levels (strategic, operational, and tactical) and across multiple fronts (market, physical, operational, or cyber)— becomes part of a coherent plan addressing concerns at the root cause, not just the symptomatic manifestations,” Kchiere added. “In this model, opportunities are expressed not only in terms of process improvement but also in terms of driving down risk exposure in real ways.”
However, when an organization fails to see the warning signs or doesn’t react quickly enough, there is always a financial toll. These financial impacts include lost revenue, impacts on brand reputation, or even lawsuits. In 2023, organizations were facing record losses tied to class action lawsuits—more than $51 billion was awarded to plaintiffs in cases involving product liability, antitrust, securities fraud, consumer fraud, and privacy, Erik Antons, CPP, PSP, noted in an article for Security Management.
Today, the consequences of blind spots continue to haunt businesses, as Crisis24 found from responses to its survey. “Every respondent reported that their business had suffered a financial impact from a recent disruption, with more than a quarter (28 percent) putting the cost at $25 million or more from a single event. The median impact was $2 million,” according to Nick Hill, senior director of global intelligence and operations at Crisis24.
But there are certain steps that businesses and their leaders can take to reassess the readiness and efficacy of their crisis management programs. “A good starting point is to conduct an honest gap analysis by mapping current capabilities against realistic threat scenarios,” Hill said. “Leaders should also audit their intelligence-to-decision pathways. Sixty-seven percent of the leaders we surveyed said they have plenty of data but struggle to turn it into actionable insights. If your crisis management program can't help you anticipate what's coming and what it means for your specific operations, you're starting on the back foot.”
The most effective crisis preparedness plans will be tailored to an organization, however, there are some general characteristics that the best plans share, according to Hill. These include leaders reponsible for crisis management plans who are aware of where employees are, how to reach them, and relevant duty of care obligations. Effective crisis management programs also have access to intelligence that provides leaders with decision-grade information that is clearly digestible and prioritized, according to Hill. And these leaders “have pre-assigned decision authority so that nobody is trying to convene a committee to make every urgent decision in a fast-moving situation,” Hill said in comments emailed to Security Management. “The best-prepared organizations have already determined who makes the call for each category of threat, what authorities they hold, and what escalation looks like.”
Another shared element is regularly stress-testing crisis management plans that go beyond an annual run-through based on existing knowledge. “Genuinely challenging simulations with realistic injects, time pressure, and cross-functional participation are common at the best prepared organizations,” Hill said. “...Plans living solely on paper aren't enough.” Instead, good simulations will deal with answering important questions, like whether a team can reach its entire workforce within minutes, not hours. Organizations should also compare their performance to others—instead of assessing its performance in isolation, an audit from an independent specialist can help uncover gaps, Hill added.
For more Security Management articles on crisis management, resilience, and misinformation, check out the following:
- Focus on Geopolitical Resilience
- Focus on Deepfakes and Fraud
- Focus on Resilience and Anti-Fragility
- “GRC and Physical Security: Strengthening Strategic Resilience Through Integrated Risk Management”
- “How the Port of Antwerp-Bruges Built a Resilient Innovation Hub”
- "Most Organizations Fail to Incorporate Security in Operational Resilience Planning"
