Not a week goes by that the news isn’t filled with stories of crises happening all over the world, affecting companies big and small, from start-ups to established veterans, in emerging markets and developed ones. Today’s crises are triggered by events both inside and outside of a company’s control: political interference, instability and unrest; terrorism; physical and cyber security breaches; workplace violence; insider malfeasance; IP theft; fraud; regulatory compliance failures; product recalls; natural disasters; and supply chain disruptions.
While the existence of crises is not a new phenomenon, a number of factors are combining to increase the frequency, complexity and types of crises companies face. These issues challenge organizations’ ability to remain resilient in the face of uncertainty and while under scrutiny from stakeholders near and far. And with change to the very DNA of crises comes the need to change how organizations ensure they stand ready, respond effectively and recover stronger. The good news is that companies do not need to start with a blank slate or reinvent the wheel. Rather, success can be found through embracing an approach that melds traditional crisis management orthodoxy with modern-day techniques and technologies to focus on reducing the likelihood of crises occurring, maintaining organizational readiness, minimizing the impact when crises do occur and embracing continuous adaptation and improvement. The competitive advantage gained from such a process is immense.
So why are crises changing? Some will point to an increase in traditional crisis triggers, such as extreme weather events and natural disasters, which appear to be on the rise due to factors like climate change, or the persistence of greed and corporate malfeasance on both Main Street and Wall Street, or changing market conditions and increased expansion into unstable developing markets.
Others will focus on the realities of the world we live in today, including the politicization and weaponization of regulation and compliance regimes across the world, the undoing of established geopolitical orders with uncertain political transitions, or the wholesale migration to an interconnected digital economy and the resulting spread of globally connected and highly capable threat actors.
Apart from all that, there is also the increase in organized criminality and the increasingly dangerous emergence of new types of terrorists and violent criminals (the self-radicalized individual, anonymous actors and motive-less active shooters all come to mind) both at home and abroad. This development is resulting in risks that were previously considered limited to emerging markets and are now increasingly appearing in the developed world, too. Heightened mobility of goods, capital, people and information as well as concentration of economic activity and population density are key drivers. When coupled with the centralization of critical systems the breadth of impact of disruptive events and natural disasters is amplified. It is through these interconnected pathways that risk accumulates, propagates and culminates in a much greater scale of effects. What would have previously been an isolated risk can now have an impact across geographical areas and national borders.
Further complicating the realities of today’s business environment are the speed of social media and its ability to turn any private problem into a very public crisis, as well as far-reaching regulatory bodies with the ability to enforce and penalize in ways we could not have imagined even 20 years ago. Think about it: Do you think the United Airlines passenger removal incident would have ever risen to the level of a crisis 20 years ago when cell phones and social media were in their infancy? Probably not – instead it likely would have been a story on page 4 or 5 of a local paper and would not have resulted in the financial and reputational damage United Airlines is still dealing with today. So why are crises changing? Is it the increase in traditional crises triggers or the new reality of the modern world we live in? The answer probably lies somewhere in between, on top of, underneath, and all throughout all of the above. This speaks to the complex nature of crises and highlights a simple truth: Crises have always existed, and always will, but the shape, speed and sources of crises have become more complex than ever.
Ultimately, the impacts of these crises are far from inconsequential. They significantly challenge companies’ ability to meet both their strategic goals and the rising expectation of shareholders, customers and stakeholders that they will live their core values: ensuring employee and customer well-being, sustaining and growing profitability and shareholder value, providing superior customer service, innovating products and services, and creating and maintaining a favourable brand and reputation. As any company that has been through a crisis can tell you, the fallout is real. It can include stock price drops, decreases in market share, intense and unwanted media coverage, attention from activists, brand value index hits, tarnished reputations, opportunistic competitors, and customer trust issues that could take years to repair, if they are even repairable at all.
Thanks to today’s incredibly complex risk ecosystem, companies and other organizations cannot afford to be caught flat-footed during crisis events. They must take proactive steps and be prepared to act with speed and efficiency. The real question then becomes: how does a company do that? Based on Control Risks’ experience, companies must adhere to four core principles: Reduce the likelihood of reasonably foreseeable disruptions Reduce the impact of crises and critical business issues through appropriate response mechanisms Respond with laser focus on comprehensive business recovery Embrace continuous adaptation and improvement Within each of these principles, companies must also recognize that effective readiness, response and recovery require a combination of long-standing crisis management orthodoxy – the best-practice guidance that Control Risks has been providing its clients with for 43 years – and innovations to keep pace with today’s (and tomorrow’s) threat environment, modes of operation and stakeholder expectation.