A new survey by Deloitte finds that, while a big majority of companies have response plans, they may be overconfident in their ability to handle a crisis due to lack of training or shortcomings revealed through actually confronting a tough situation.

Deloitte queried 523 senior crisis-management, business-continuity, and risk executives at organizations with at least $5 billion in revenue for U.S. companies and $1 billion for all other countries.

Despite having crisis plans in place (84 percent said they did), the respondents named as challenges to effective crisis response, in descending order: effectiveness of leadership and decision-making, effectiveness of teamwork, familiarity with crisis structure and process, and clarity of roles and responsibilities. Another is information sharing and management (which is one reason you subscribe to CrisisResponsePro).

Those are all issues that should be addressed in training.

Back in 2016 we commented on the survey Deloitte did then, which queried board members about crisis preparedness and found a pronounced lack thereof. Similar to the current study, it found that the board members boasted of confidence in their companies’ ability to withstand a crisis, but only half had “playbooks for likely crisis scenarios” and only half monitored to detect trouble.

For the current survey, the Big Four accounting firm broke down the confidence/training divide by crisis scenario. For example, while 88 percent of respondents expressed confidence in their companies’ ability to handle a corporate scandal, only 17 percent conducted an exercise of that scenario. On the other hand, system failures had both the highest confidence response (90 percent) and a high training response (50 percent).

The three scenarios that got the most training attention were cyber attacks (53 percent), industrial accidents (37 percent), and natural disasters (33 percent). As Deloitte points out, that cyber attacks lead the pack is not surprising because IT professionals are used to training in this area.

Lessons Learned

Another interesting finding is that experiencing a crisis teaches companies to take them more seriously (including detecting them). The lessons the respondents said they learned should be lessons for everyone thinking about crisis preparedness.

The top three answers to what lessons were learned were to:

• “improve detection and early warning systems” (33 percent),
• “invest more effort in prevention” (27 percent), and
• “do more to better identify potential crisis scenarios” (26 percent).

Other important lessons learned:

• “better define the chain of command for specific scenarios,”
• “execute a more timely and robust communications plan,”
• “conduct better precrisis planning with emergency response teams,” and
• “monitor social media as a means of detection.”

All of those lessons underscore the importance of the front end of crisis communications — predicting and planning for the troubles that may visit your organization.

The Deloitte report emphasizes the need to look at the risks a company faces — however hard it may be to be honest about that. Deloitte points out that, for companies that are on top of things, crisis management “is anchored in a sensing capability that continually assesses internal and external data for signals of change or conflict in the company’s environment.”

That’s something all companies must address — and get better at.

Image Credit: Fotoscool/Shutterstock

This is an abridged version of an article that appeared today on the CrisisResponsePro paid subscription portal. (CrisisResponsePro subscribers can access the full version by clicking here. ID and password are required.) To take advantage of all of the content, data, and collaborative resources CrisisResponsePro has to offer, contact us at info@crisisresponsepro.com.