Be prepared and plan for the worst. That’s the maxim for managing communications in a crisis, as indeed it is for all contingency planning. For its part, security communications planning is a strategy designed to help management make better decisions. Only preparation and practice can ensure that an incident is handled as well as possible under difficult circumstances. With too little preparation, suggests Patrick Rea, the business may be forced to guess solutions when under intense pressure.
In an era of 24-7 digital news and viral comment on social media, how you respond to a crisis will affect the organisation’s reputation and relationships with stakeholders. If an incident is serious enough to worry customers and impact on the share price, it warrants the resources necessary to explain what you will do to fix it. Crisis communications planning is what responsible companies do.
Your goal should be this: to be ready with a tried and tested contingency framework that you can put into effect immediately if any potential crisis threatens. On the day it happens, you and your team can then quickly evaluate the scale of the problem and take effective action as necessary, with your management team able to agree goals and messages, clearly understanding their responsibilities and lines of communication.
The starting point is to minimise the risk of a crisis in the first place. This requires listing and assessing relevant threats and testing for vulnerability, then evaluating how the organisation should respond in each case. This matters to ensure preparedness, but also if an incident occurs you want to be able to prove that you took all reasonable steps as a responsible organisation to avoid the risk or minimise the consequences.
In essence, you require a plan and a record of the steps taken and relevant checks and accreditations. Risks will fall under a range of headings including physical security, data security, fire and financial, for example. The it’s a case of asking questions and assessing the implications for each risk category such as:
*Has an incident like this happened before?
*What do we know about the current risk level?
*Have we taken proportionate precautions?
*Who would be impacted and how?
*Who would find out about an incident and how?
*Do we have a team and structure in place to respond?
The nature and scale of risks changes over time. The most significant threat for many organisations and security teams at present is from terrorism. Many organisations have still not made use of the free schemes available from the police service to assist with preparedness. Courses include Project Griffin and Project Argus and the Passport to Good Security for Senior Executives. They cover, for example, ‘prevent’ strategies and table-top exercises where participants work through a terrorist incident, developing an understanding of current threats, the best responses and ways of maintaining business continuity.
It’s not the plan that’s most important so much as the planning process itself. Crisis plans are not there just to specify the tactics necessary to help the organisation through the crisis, but also to provide a strategy to identify and avoid an incident in the first place and rehearse and prepare teams and delegate tasks.
If a crisis strikes, you need flexibility to deal with an evolving situation and the communications demands as they change. This means responding to new information that emerges, to reaction and rumour on social media and any coverage and comment in the press and by analysts.
“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” (Charles Darwin)
Organisations are increasingly expected to be open and accessible to all interested groups when a crisis strikes, which demands good preparation so that, if necessary, you can set up consumer helplines and press hotlines and provide information updates on your website, for example.
The first question will always be: ‘What do we know?’ swiftly followed by ‘What information do we have?@ The crisis plan must be designed to assist the gathering of information on a swift basis. Managers need to know operationally what constitutes an issue that demands escalation for Board or C-Suite attention. The communications team should be monitoring external issues that might impact. Your plan should set out details of the crisis team’s composition and clear lines of responsibility and contact with all stakeholders.
Depending on the scale of the crisis, the team leader will usually be the CEO, who may also be the principle spokesperson subject to the associated workload. A key position reporting to the CEO is that of the communications co-ordinator who’ll manage all information and organise the response and team activities.
Reporting to the co-ordinator, members of the PR and marketing team can each be delegated with specialist tasks (such as fielding press enquiries, dealing with internal communications, writing messages or managing social media) to ensure clear lines of responsibility.
During or soon after the incident, you should be ready to prepare and regularly update a formal statement containing succinct and factual information to clarify as much as possible what has happened and what’s being done about it and outline when any further information may be available.
Staff communications are critical in dealing with a crisis. Messaging needs to be clear, succinct and jargon-free. It must include guidance about security standards and procedures. Any detailed procedural documents should feature at-a-glance process maps, summaries and checklists with essential points such as the actions to be followed in the event of an incident.
Communication should be two-way: daily research is invaluable in understanding trade reaction and public sentiment and therefore avoiding the risk of either under or over-reacting to a crisis.
Market research systems enable organisations to collect data and view summary results and analysis online in real-time – not forgetting the free and invaluable Google Alerts service.
‘Action This Day’
Ascertain the facts: Identify the nature of the issue. Who’s impacted directly and indirectly by it. You cannot fix it without this data or report on progress. The scale of the problem should be quantified as the cost and logistical remedy will vary according to the scale of the incident. Monitor and keep track of the problem as it changes and evolves. Response should be proportionate
Take control: There needs to be clear lines of management responsibility and communication ‘from the shop floor to the Boardroom’. It’s essential that someone is – and what’s more is seen to be – in charge and has overall control such that decisions can be made and effected quickly. The two key figures are the CEO, the principal spokesperson, and the communications co-ordinator, a board level director, taking advice from relevant specialists – legal, technical and, of course, PR communications
Fix the problem: The honest response is to fix it if you possibly can – and as soon as you can. Many companies have failed to learn from the 1972 Watergate incident that if you try to simply cover up the problem it will only worsen. Then it’s even more costly and damaging to the company’s reputation
Communicate clearly: Clear lines of PR communication are essential, with a full understanding of who in your organisation – or on behalf of it – are the communications contacts dealing with Government, national and trade press, customer and other enquiries. You need different contact points for each country in which you operate. Ensure staff know they should refer all press enquiries to your co-ordinator or designate
Obtain legal advice: This is essential in relation to liability and other issues. The legal argument must be balanced with other considerations as well, such as the need for prompt communication and management action. The role of the lawyer is to advise on the legal case. They’re not supposed to manage the crisis or the messaging
Set out your communications goals: Whom do you need to inform and influence and how? What will ‘success’ look like in the real world? Plan what channels you can and should use to reach your target audiences both quickly and efficiently. You must, of course, monitor responses and replies daily, if not within the hour, according to the nature of the issue
Agree the message: Clear and unambiguous messages must be consistent for all stakeholders – customers, staff, shareholders and others. People first need the reassurance over any issues of safety and how they might be affected. They also want to know to whom they can go to for dealing with a specific problem. Twitter can be useful for this. Explain how the problem is being resolved and the timeline
‘Action This Day’: That’s what Sir Winston Churchill stamped in red on documents when managing a real crisis, namely World War II. Customers and the trade respect a prompt and proactive approach, but it has to be properly thought through. It should not be an approach that might have to be reversed at a later juncture
Regain trust: Trust is the essential precursor to any commercial relationship. This requires that clients are reassured and know they will receive the service and response they expect. A ‘cultural’ change may be required to ensure the incident isn’t repeated, perhaps with additional training and new processes to support any change
Institutionalise risk aversion: Organisations need an internal audit team that identifies areas of physical, financial and reputational risk and checks the key processes and compliance issues for the business. That team should function independently from the mainstream operation and report at Board level
Seek expert help: You many need independent crisis communications assistance for your planning and also for Board-level counsel if an incident occurs. Both communications and marketing expertise is needed to address the PR and wider commercial implications
Patrick Rea FCIM is CEO of Rea Marketing and a Member of ASIS International’s UK Chapter