The word ‘crisis’ may automatically bring with it a certain sense of dread, but with the right amount of planning for the unexpected, companies can face down crisis situations (even if only through a role play) and come out the other side unscathed.

After all, a crisis by its definition is a situation where you face a critical turning point – and with some foresight and preparation you can make your way back to safer ground whatever the situation, and find yourself stronger for it.

A crisis will only become a disaster if you’ve failed to plan for the unpredictable. For example, an outbreak of sickness across your staff will always be a bit of a crisis but will only be a disaster if you haven’t got contingency plans in place to cover their work and avoid a loss of business continuity.

Be prepared

Deloitte’s analysis of its 2018 global crisis management survey responses found that:

• Experiencing a crisis teaches organisations to avoid them.
• Leaders need more development for crisis management.
• Confidence outstrips preparedness.
• Being at the ready significantly reduces the negative impact of a crisis.
• Third parties are part of the problem—and the solution.

It seems that undergoing some kind of crisis will inspire businesses to subsequently give more priority to ensuring they don’t have another one, and post crisis analysis may also offer companies an important lesson in whether they were as prepared as they thought.

Leaders have to be confident in their crisis management skills in order to successfully lead their organisation through a crisis with timely and effective decision-making – which will be made easier if they’ve been involved in drawing up the crisis management plans.

And finally, crisis planning should involve your partners and other stakeholders – whether that’s staff, customers or suppliers.

What you can do

From the smallest of start-ups to the biggest of multinationals, companies can and should be aware of the risks their company faces and the ways they will address any that come to pass. Only then will they be able to deliver effective organization and crisis planning.

An article in the Law Gazette suggests some top tips for law firms (most of which are also applicable to all companies, large or small), which include identifying five to 10 events that would create the most damaging internal or external crisis, preparing a cyber security crisis management plan for dealing with each including deciding how the firm will respond and who will be the key decision-makers and spokespeople, practising crisis management techniques through role-playing, and accessing cyber security training.

If we follow this guidance, firstly you should look at all the elements that your company relies on to make it work – for example your staff, premises, infrastructure and data. Then consider what you would do if something happened to put any of these out of action.

Don’t fall into the trap of thinking “it’ll never happen”, because each of the above areas could be taken out of service by any number of events, and risks can come in various guises – for example staff may commit fraud or simply go off sick; a natural disaster may leave your building damaged in a storm or the owner may sell it from under you; your phone lines could be affected by a nearby fire cutting off power or the phone company could cut you off (perhaps due to a systems error); your data could be hacked, lost or corrupted despite your cyber security. Some businesses also face additional risks of safety or product failures and recalls. And your reputation could be damaged by any of the above.

There are many companies out there offering advice and guidance on how you can address practical challenges such as these – for example One Voice has downloadable guidance on creating contingency plans – and some even offer services to develop plans for you.

The ISO 31000:2018 guidance claims to keep risk management simple and may help you identify the risks your company faces, improve your planning and make better decisions.

You can also get useful advice from the National Cyber Security Centre on protecting your data and you can report cyber crime – as it’s happening – through Action Fraud.

Whichever part of your crisis planning you’re working on, it will rely on good communication between senior management, staff and other parties involved.

Without communications, planning means nothing

Being prepared is critical for a rapid response and everyone needs to know what processes need to be put in place in the event of a crisis occurring; If you don’t have a dedicated communication team it’s essential to decide in advance who will communicate what and to whom to ensure a consistent and coherent response.

You will also need plans for communicating with your customers and ensuring enough capacity to do this. Bear in mind that a customer service team geared up for dealing with a regular number of contacts won’t necessarily be able to handle a spike in calls once a crisis hits – and that in itself can exacerbate the situation. If you run a small company or a start-up that relies on just a couple of people, consider how you will keep your phones clear for operational issues if you’re being inundated with customer or media calls.

Remember that while you may plan ahead for a straightforward loss of communications systems as a crisis in itself, your communications may also get hit by a crisis in another area. For example, if you can’t access your premises for some reason, can your staff still answer the phones or customer emails? Or if your customer service team can’t get to work because of severe weather conditions that are also affecting your deliveries, who will answer the customer calls when they try to find out where their purchases are?

If you don’t have a back-up plan you could be in real difficulty managing potential crises with no communications.

Building resiliency into your communications

No matter how well you plan your lines of responsibility, if team members can’t talk to each other you won’t get very far. While mobiles may be the answer for staff-to-staff conversations (make sure you have copies of the relevant numbers that can be accessed remotely), if you have customers phoning and emailing in, you need to make sure your usual external communication channels are covered as quickly as possible.

A good solution could be to have an agreement in place with a call answering service which will automatically pick up calls and emails if your system goes offline, either providing support to your team or taking over the function completely. If you’ve done your crisis planning well, you will already have scripts agreed that can be used in such circumstances.

The level of reputational damage caused by a crisis will be decided in many ways by how you’re seen to handle the problem and how well you support your customers through the storm until normal service is resumed. Most companies rely on having a reputation for good customer service, so maintaining that service and avoiding a PR crisis should be a key part of all your planning – radio silence and the lack of an effective real time news cycle will only result in complaints on social media and so on if customers are unable to find out what’s happening.

International consultancy PwC says that organisations who have pre-agreed what they want to be known for during a crisis, do better following a crisis. So make sure you’re known for customer service during a worst case scenario and it will stand you in good stead for a successful crisis recovery.