Crisis? What crisis?

Risk managers should reassess their use of the word ‘crisis’ in their risk management plans, delegates heard at the StrategicRISK Risk Forum in Sydney, Australia.

Held at the Hilton Hotel last week, the event brought together more than 50 risk and insurance professionals to discuss and debate the latest developments in cyber security and crisis management.

One risk director of a global retail brand said his firm had chosen to drop the word ‘crisis’ altogether.

“We now call it the ‘emergency response team’ on the basis that the word ‘crisis’ conjures up an image that you’ve lost control,” he said.

But another risk manager believed the word could still be used, if done so carefully.

“Misuse and too frequent use of the word ‘crisis’ of the word can dilute its potency,” he said. “When someone says ‘crisis’ it gets people to sit up and be ready for a call to action that something’s going to happen. But if you use it too often you can be accused of being the ‘boy that cried wolf’ and its impact is lost.”

It comes back to defining exactly what a ‘crisis’ means to a firm, said Scentre chief risk officer Eamonn Cunningham.

“For us, this is a determination that’s always made by the crisis management team and, in particular, its chair. Our approach is to be very agile, to take all of the facts into consideration in deciding if an incident is an operational emergency that can be dealt with by local management, or a crisis, in which case there is a preprepared approach that will be invoked to deal with this,” he said.

“The type of factors that would lead one to consider that [an event] was a ‘crisis’ as opposed to an ‘operational emergency’, as we in the group define it, are that multiple sources are involved, major media interest, it’s an ongoing situation that isn’t crystallised, there’s loss of life, major damage, a clear impact on brand, for example,” he said.

“Absent of all of those factors we’d say that it is more likely to be an operational emergency that our local management is well prepared to deal with and our crisis management team will then watch the situation closely, if required, with the ability to step in at any time if need be.”

Cunningham added that defining the role of the crisis management team and interaction with the chief executive was crucial.

“Too often [in a crisis] people bring all of the most senior people and the CEO together and it’s almost like a senior executive or board meeting. But it has to be absolutely different; it is not business as usual and therefore different ground rules need to apply,” he said.

Preparedness is key

In the event’s opening presentation, Deloitte Australia crisis management leader Graeme Newton said many organisations were getting better at crisis ‘readiness’ and many were now running simulated events.

“We are seeing clients starting to play out how a crisis might affect their business, how would they respond and, in those first 20 days, how they’d get on the front foot,” he said.

Newton, who was head of the Queensland Reconstruction Authority before joining Deloitte, emphasised that preparedness was key.

“For example, we have a major health sector client who has already gone through the process of looking at major disruptions from data loss to a pandemic outbreak,” he said.

To avoid any long-term damage to their reputation, companies needed to plan for a crisis and implement a well-practised strategy as soon as one erupted, Newton advised.

Newton went on to examine the key ingredients of a successful crisis management plan and the importance of rapid response and recovery – shifting from a ‘reactive’ state to a ‘crisis-ready’ state.

Also discussed at the event was the benefits of improving business resilience through combining the disciplines of crisis management, emergency management, disaster recovery and business continuity – and in that order.

The StrategicRISK Sydney risk clinic was sponsored by AIG and Swiss Re Corporate Solutions.