This article was originally published in 2015 and has been completely updated in 2020.
Most organizational crises are predictable and preventable. About two thirds of crises have been smoldering for some time – their causes are apparent, but no action has been taken to prevent them or reduce their impact. Only about half of organizations around the world have a crisis plan in place. Yet only about 30-50% of organizations hit by a crisis manage to survive.
A survey by Burson-Marsteller/Penn Schoen Berland in 2011 attributed the causes of crises largely to indifference and cost. However, analysis by international issue and crisis expert Tony Jaques found the real causes were more likely to relate directly to poor management:
Jaques’ conclusions were supported by analysis by the Institute of Crisis Management, which over many years has found the most common cause of corporate crises to be internal mismanagement/incompetence, or other reasons that amount to the same thing:
You can conduct a vulnerability analysis for your organization to better protect it against a crisis occurring. The number of crises has not necessarily increased in recent years, but the internet and social media have certainly made the business environment more volatile and therefore organizations more vulnerable.
I have been doing a crisis preparation exercise recently for my organization. We are identifying the possible types of crises we could encounter and working through the steps to predict and prevent them from occurring.
You can start the crisis vulnerability analysis by defining a crisis, so you know how a crisis is different, for example, from a pseudo-crisis caused by sensationalized discussion in social media.
A crisis is any issue, problem or disruption triggering negative stakeholder reactions that can threaten the organization’s viability.
Notice that a crisis is about communicating with stakeholders, and is not an operational emergency, which is internally focused.
For instance, a list could be divided into groups of causes, such as:
Crisis simulation in preparation for a national census
Step 1. Start by conducting a brainstorm with relevant staff to identify the types of crises that could happen to your organization. This may produce a proliferation of scenarios, which can be intimidating and difficult to analyze to identify patterns. However, you can bring order to the list by putting the crises into types or categories.
Step 2. Meet with the key management across the organization. The reason for doing this separately from Step 1 is that staff at lower levels may be very reluctant to suggest in the presence of senior decision makers any potential crises directly caused by those people’s mismanagement.
Depending on the size of your organization, these managers could include: C-Suite (President/CEO, CFO, COO, CIO), general counsel, corporate communication, senior divisional and regional managers, safety and risk management, human resources and investor relations, etc. Ask them these two key questions:
Their feedback should complement the potential crises suggested in Step 1. Combine the two sets of feedback and so you can prepare a matrix to assess the most probable types of crises and their likely impact.
Step 3. Matrix
Crisis vulnerability matrix
Create a matrix to rank common crises in terms of probability of occurrence and impact if they hit (see top matrix above as a broad guide). Use the above list of common types of crises as a guide.
The top version of the matrix shows the four broad scenarios. In the second version of the matrix, underneath, these scenarios can be analyzed by allocating a points score out of 10 for the probability of occurrence (shown on the vertical axis) and also for the extent of impact (shown on the horizontal axis).
Then multiply those two scores out of 10 to derive a total score for each scenario. For instance, if an earthquake is extremely unlikely to happen, you would allocate a score of, say, 1 for the vertical axis. But the impact could be catastrophic because your factory uses sensitive equipment, so you might allocate a score of 10/10 for impact. Multiply 1 by 10 to reach a score of 10 for that scenario.
Do the same for all the other main types of risks. Compare the scores for those main types of risks against the earthquake risk. A higher total points score means you give a higher priority to those types of risks in your crisis management strategy. You can plot the position of each type of risk and show in the bottom matrix for quick comparison.
Step 4. Meet again with the management from Step 2. In your meetings, discuss the most common types of risks raised overall and ask for their comments. Then ask questions such as:
It is vital to get honest and open feedback from the organizational leaders you meet with about potential crises. Often, an external consultant is best to conduct the vulnerability assessment and impact analysis because managers are more likely to share their true concerns with a consultant than they are with a colleague from within the organization.
Step 5. Use the vulnerability analysis to brief senior management and make recommendations for developing operational crisis management and crisis communication plans, including crisis recovery plans. The briefing may include a summary of each potential crisis, the estimated impact, alternative strategies to deal with them, and recommendations to prevent or minimize the damage to the organization.
Hard experience shows it is much easier and cheaper to prepare for and prevent crises than it is to recover and apologize after they happen. By carefully reviewing the probability of certain kinds of crises and preparing for them to happen in some form at some stage, senior management can protect the organization from serious operational damage or even closure.
The problem is that crises seldom occur to the individual organization, and in my experience, senior managers don’t want to seriously think about such matters due to the cost of preparing against their occurrence and the executive time to do this effectively. Discussion on this in further articles.
Many people hate the idea of playing office/organizational politics. But staying out of such activities may hold back your career
The public relations field has changed remarkably in the past decade. Hiring practices have also changed as a result -
Many students think public relations is only about publicity and parties - glitz and glamor in media relations and event