From cybersecurity breaches to natural disasters and worldwide pandemics, the impact of a crisis can be unpredictable. Andrew Carrick, VP Customer Success – Asia Pacific, Diligent, offers tips for board members, management teams and governance professionals on developing decisive yet flexible response plans that can accommodate a wide variety of scenarios.

When crisis response plans are triggered, cascading actions are set into motion across the business. Executives must trust the plans they put in place. Board members, management teams and governance professionals must stand ready to support business continuity. In the end, the impact of a crisis is rarely determined by the crisis itself, but rather the quality of the organisation’s response.

Technology is a critical enabler during times of uncertainty. Crisis response teams must have secure channels of communication. Data must be accessible. Sensitive documents must remain protected. Virtual meeting technology must keep teams connected. In the simplest terms, company leaders must have the right information at their fingertips to make the right decisions. This article explores two primary components of crisis response – preparedness and agility – and the technology structures that support them.

Crisis response tips for management teams and governance professionals

Communicate early, often and with transparency. Even if you don’t have all the answers, the importance of communication is elevated during crisis times. Consider each stakeholder group (for example employees, shareholders, investors, suppliers, regulators and government) over both short- and long-term horizons. How are their fears and uncertainties shifting and how must your message evolve in the weeks ahead? Connect and engage often with purpose and humility.

Be decisive, yet flexible. Identify the areas that need attention and allocate resources accordingly, but have plans for pivoting quickly, as needed. The crisis response team should include diverse members who gather the insights required for better decision-making.

A CEO cannot lead alone during times of crisis. Organisations should be prepared to empower leaders across the company to step up and support the executive team with consistent actions and messages. Open lines of communication are critical to ensure alignment.

Crisis response tips for board members

Activate your experience. Boards possess unique sets of experiences and ‘lessons learned’ that they can draw on in times of crisis. Directors should stand ready to galvanise their network of contacts and resources in response to the needs of management.

Be available. Make it clear that the board is ‘on call’ – ready and willing to engage. Support management in carrying out the crisis plan. Think twice about probing into areas that don’t support the task at hand – ask whether the issue warrants distracting executives from addressing crisis priorities, or whether those issues could wait for another day.

Stay focused on the long-term. As management attends to day-to-day crisis response, how can board members ensure a stronger organisation emerges on the other side? From supply chains to employee relations, organisations can’t miss the opportunity to become more flexible, sustainable and resilient.

Responding to a crisis

Organisations don’t always have the luxury of advanced preparation. Even when they can draw on existing crisis plans, boards and management teams must remain nimble, focused, connected – and uncompromising on safety and security. Here’s what that workflow could look like.

1. Contact response teams using secured channels

• Notify the board and any relevant internal stakeholders and external stakeholders (such as PR agencies and law firms).
• Establish or activate secure communication channel(s) for the crisis response team. Limit these channels to important, crisis-related updates only.
• Brief the crisis response team. Share all relevant information, current details and documents via secure channels.

2. Establish processes for meetings and information flow

• Establish intelligence sources to inform ongoing crisis response (such as news coverage, public sentiment and crisis developments).
• Determine the format and cadence for providing updates to key stakeholders (for example daily stand-ups, dashboards and regular CEO updates to the board).
• Determine how information and important updates will flow through the organisation.
• Continue to maintain secure channels for all communication and document sharing.

3. Communicate with all stakeholders

• Ensure communication is tailored to each stakeholder group (such as employees, customers, shareholders, regulators and communities).
• Be aware of laws and regulations related to notification timelines (for example cyber breach regulations).
• Monitor stakeholder responses and ongoing developments.

Preparing for a crisis

Crisis response planning is a crucial exercise by the board, management teams and governance professionals. Organisations must anticipate a range of crisis scenarios that could negatively impact the business, and they must establish the company’s response strategy spanning stakeholder communication, operational contingencies, and board involvement. Here’s what that process could look like.

1. Anticipate crises and develop response plans

• Anticipate potential crises and rank them by business impact. Identify those that would require a similar company response.
• Outline a few core response plans that could be adapted for different scenarios. Consider response triggers, communication strategies and key players (both internal and external).
• Establish a central location, which must be secure and accessible remotely by board members and management, for these crisis plans to live.

2. Build a rapid response infrastructure

• Establish a communication infrastructure for crisis situations (that is, channels for secure messaging and document sharing).
• Don’t overlook the importance of data integrity and security in crisis times. Ensure important subsidiary and regulatory information is up to date and accessible. Remember that cyber risk tends to increase in times of crisis.
• Conduct authentic run-throughs of your crisis plans to patch gaps and ensure the readiness of all parties involved.

3. Monitor systems for red flags

Develop a system for crisis monitoring that maps back to each crisis scenario.

Establish various intelligence sources and define what constitutes red flags or triggers for your response plans.

Extend these reports or tools to appropriate members of the board, management teams and the crisis response team.

Andrew Carrick, VP Customer Success – Asia Pacific

Diligent