For some organisations, crisis management is something they practise only when a crisis occurs. They reach the end of a year, hopefully incident free, and pat themselves on the back for time and money saved. But any organisation that has successfully navigated its way through a crisis will be the first to tell you that effective management starts long before any potential event is on the horizon.
Take Marriott. It’s currently dealing with the fallout from announcing that its guest reservation system had been accessed since 2014 by hackers. As a result, up to 500 million customers’ financial and personal data could have been compromised. Following the announcement, its share price dropped 7% overnight. No doubt there will be more financial pain to come with remediation costs and regulatory fines.
However, its response bears all the hallmarks of an organisation that was prepared for an incident of this kind – although perhaps not of its magnitude. It has a robust and well-thought through website to give guidance to those impacted and other practical support including call centres and access to a free data monitoring service.
Whilst dealing with a crisis will always involve extraordinary demands – in terms of both time and money - planning ahead can significantly help to reduce this strain.
Scenario planning is a great way for organisations to work through the challenges that these unique situations present. Executed well it can help identify trigger points for escalating an issue. It can provide answers to those ‘what if’ questions before they become a reality. It can encourage the identification of critical gaps in current responses and plug them. It can get all those nebulous fears on the table and find real and tangible solutions. Most importantly it can stop an organisation looking like a rabbit caught in the headlights should the worst happen and allow it to put in place the processes and solutions it has invested in honing.
No-one wants to be in Marriott’s shoes but the reality, for most organisations, is the risk of a data breach is only a click away and crossing your fingers and hoping it never happens is a fool’s paradise.