It is every CEO’s nightmare; a situation is developing which has the potential to quickly spiral out of control undermining stakeholder confidence, financial stability and ultimately the reputation of the business. Yet the difference between those that successfully navigate their way through these challenging times, and those that fail, often comes down to recognising the risk and putting in place the necessary controls before the issue arises.
Whilst many businesses will have an Incident Management Plan, these are often left dormant until a problem arises. Building reputation resilience into any brand however requires an ongoing assessment that helps to identify the current and emerging risks facing the business so that it is better prepared to mitigate the threats in defending reputation.
Horizon scanning is a tool that enables businesses to identify and prioritise risk on an ongoing basis. In preparing the necessary response, horizon scanning also empowers businesses to proactively address any weaknesses.
The formation of any Incident Management Plan should also involve individuals from varying backgrounds and different skill sets from across the business. In making sure that all relevant concerns have been recognised, businesses will be better positioned to ensure that procedures are sufficiently embedded.
The error many businesses make when pulling together a plan is to try and cover every possible eventuality, resulting in an impressive, but ultimately impractical plan. The more concise and relevant you can make it the easier it will be to understand and utilise at the appropriate time. Ultimately, you may have the right message, but this will be lost if it isn’t delivered in an expedient manner.
Finally, businesses need to continuously practice. As good as a plan may be, circumstances will change, threats will dissipate and risk of exposure will increase. The only way to know whether the plan works in the heat of a crisis is to stress test it regularly.
Based on experience, crisis planning can play a key role in the event of data loss. Recently a prominent UK discussion forum was the subject of a breach in which hackers claimed to have stolen member passwords and personal messages. In another example, the CEO of a leading US retailer was forced to resign, primarily due to a breach last year that compromised the data of 110m customers, comprised of 40 million credit card numbers and 70 million addresses, phone numbers and other pieces of private information. As a direct consequence, the retailer’s reputation took a hit as sales decreased in the final quarter of 2013.
As these examples demonstrate, the risks facing businesses that handle sensitive personal data are significant. Yet current Incident Management Plans, many of which may be gathering dust in a filing cabinet, do not help to build the necessary reputation resilience that is required when it comes to defending reputation in a crisis. Businesses are rarely short at policy and procedure but whn has process ever solved a people problem? Horizon scanning, stress testing and employee engagement must form part of any Incident Management Plan, but at the end of the day it is people not plans that mean you can respond efficiently and effectively.