Dealing with one crisis at a time is no longer effective as the onslaught of unprecedented events becomes the norm for businesses, writes Colette Devey
A fire at a substation causes a catastrophic power outage. A cyberattack paralyses the operations of an organisation. A major storm deprives a business of power, water and telecommunications. The imposition of tariffs by major trading partners requires supply chain reshaping.
These are all examples of real-world crises that have affected corporations in the recent past. While they may take many forms, together they form an urgent call to action that goes well beyond the normal course of business.
The age of permacrisis
Organisations today have shifted from managing multiple interconnected crises to operating in a constant state of crisis. We have entered the era of the permacrisis, an ongoing period of instability resulting from a series of catastrophic events.
Business leaders can no longer rely on traditional one-off business continuity practices to manage this new reality. They have been forced into a state of constant firefighting, often supported by outdated plans and response mechanisms.
Those that are managing best have shifted their approach to focus on resilience, with stronger capabilities and less organisational stress.
When a crisis hits, the typical approach has been to apply a ‘playbook’ based on how previous business disruptions have been handled. There is no such thing as a standard or textbook crisis, however. Each event, and its consequences, tend to be unique in their own way.
Instead of preparing organisations for all potential scenarios, this limited approach forces organisations to improvise when each new crisis hits, expending scarce resources in the process.
Worse still, it can lead to flawed decision-making and missteps as the people involved are operating in unknown territory.
More frequent unexpected events
A different approach is required in the face of increasingly frequent crisis events—one that can help to build organisational resilience.
Catastrophic and once-rare events occur with greater frequency these days, including cyber breaches, IT outages such as CrowdStrike, and weather events such as Storm Éowyn and Storm Darragh. Each brings with it the potential to compromise an organisation’s ability to do business.
The question for organisations now is how best to prepare for the increased frequency of such events and situations never encountered before.
The nature of their response to unanticipated events is crucially important. In recent years, many organisations have found that just thinking about business continuity is probably too narrow an approach.
It is more important to consider what is critical and core to the organisation.
If yours is a services business, ask yourself: what are the most critical services we provide, whether that be to a patient, citizen or consumer?
If you sell products, identify your core products and the operational processes critical to their production and distribution.
This approach will help you identify and prioritise the aspects of the crisis requiring an immediate response, and determine the order of recovery that will enable the business to resume operations as quickly as possible.
A successful resilience programme encompasses the process and plan of action that empowers an organisation to manage any crisis, no matter how improbable or unexpected.
Five-step approach to crisis and risk management
To effectively prepare for, and respond to, crises, organisations should follow these five steps:
Anticipate – Plan ahead and consider the risks and threats that may arise in the future. Think about what might go wrong in the organisation and the impact this would have.
Prepare – Establish a business resilience policy and framework encompassing crisis management, communications, business continuity and disaster recovery.
Respond – It is critically important that everyone in an organisation understands their assigned role in a crisis response, and how to perform it.
Learn – Organisations should examine what has gone wrong during a crisis response, and what should be done differently in the future. Equally important is the need to examine what went right. This will help you identify the strengths you can build on in future crisis responses.
Improve – Drawing on these lessons, leaders should seize the opportunity to reshape their business in preparation for the next crisis.
The increasing frequency of previously improbable and unprecedented events requires a new approach to crisis response. What worked in the past will not necessarily be effective today or in the future.
Organisations must focus on resilience and implement processes and action plans that will shield them from the full impact of unexpected events, and protect core operations.
Colette Devey is Risk Consulting Partner at EY Ireland