The past year has cemented crises as an unavoidable part of the modern business, political and regulatory landscape. The Grenfell Tower tragedy led to national outrage at public and private sector failures, while natural disasters rocked North and Central America with Hurricane Irma and earthquakes in Mexico. Cyber-attacks continue to disrupt organisations and internal scandals pulled global businesses into the limelight for all the wrong reasons.
It is inevitable that 2018 will continue to see organisations hit by crises, so what can we learn from the past and what might this year hold? We’ve outlined our top lessons from 2017 and have predicted areas to look out for over the year ahead.
Lessons learned from 2017
It is becoming increasingly challenging to predict which stories will consume the news agenda. 2017 saw major business disruptions caused by crises receive varying levels of media attention with no particular rhyme or reason, while seemingly minor customer incidents dominated headlines. Social media’s role in this selective amplification cannot be ignored – with organisations finding it increasingly hard to contain a crisis once it’s reached the online public domain.
1. Understand the unpredictability and reach of social media
2. Develop a social media strategy to manage unwanted attention
Employees can be an organisation’s greatest strength, but can also be the greatest risk. Disgruntled, careless or uninformed employees can cause physical security incidents, data breaches and damage to an organisation’s reputation. Increased levels of terrorism and cyber incidents show these risks need to be understood by employees now more than ever.
1. Keep employees well-informed and promote a culture that encourages notification of incidents
2. Have clear guidelines in key areas and learn how to hold people to account
No organisation is immune to a cyber-attack – as incidents such as WannaCry and NotPetya showed – and all organisations have a responsibility to do everything they can to continually review and enhance their approach to cyber security. Just as importantly, it is essential to have a robust process in place to ensure an appropriate response for such an event.
1. Improve the technical resilience of technology systems and complete regular back-ups
2. Have a clear response protocol ready in advance
3. Prepare for the worst to support an effective recovery – no organisation can ever be fully protected from a cyber-attack
Predictions for 2018
Cyber incidents have plagued businesses over the last few years. In 2018 critical infrastructure is likely to be the target of cyber-attacks which could have a significant impact. As a result, there should be an increased focus on planning for critical infrastructure failures or malicious attacks, particularly for the power network, water, food distribution, telecoms and payment systems.
The introduction of the General Data Protection Regulation in May 2018 will bring hidden crises into the public domain as organisations will be forced to report cyber incidents. Failing to be transparent could have significant impacts on an organisation’s reputation, as seen in 2017.
1. Think more carefully about cyber and the connections with critical infrastructure in your business
2. Get ready for GDPR et al.
With Brexit talks underway, US mid-terms scheduled for November and a general polarisation in global politics, crises will become even more politicised in 2018. Players will use organisations’ crises to push agendas, blame opponents and provoke frustration at corporate malpractice or governmental failure. Political instability will continue to impact financial markets and international trade, putting pressure on global economies.
1. Remain aware of the changing political landscape and the potential consequences for your organisation
2. Consider an influencing strategy to protect your interests and align your stakeholders
Crises caused by internal events have been common in 2017, largely due to some form of failure in operational discipline, and this is likely to continue this year. Every organisation must be prepared to respond to past or current allegations publically, with what used to be just personnel issues now regularly in the media glare. Allegations like workplace harassment will continue to foster public distrust of businesses and the elite and form a key item on the media agenda.
1. Promote an ethical culture in your organisation to build employee and public trust
2. Prepare a strategy to handle historical allegations of internal misconduct
The inevitability of crises is a fact organisations must face in 2018. It is impossible to prevent every scenario, but steps can be taken now – from developing response plans to promoting a positive culture – to help your organisation become more resilient over the coming year.
David Viles, Crisis and Resilience Lead Partner
David Viles began his career at Arthur Andersen in London. After the demise of Andersen, David joined Deloitte and was a senior partner in Deloitte’s risk practice, and the firm’s own Chief Risk Officer, before joining BP. At BP David was involved at the heart of figuring out what happened and implementing solutions following the world’s most scrutinised corporate crisis - the Gulf of Mexico oil spill.
His analysis and insights into the underlying causes of issues and crises have created a different perspective for his clients; to focus on prevention and not just preparing for when a crisis might occur– by avoiding the incidents, and managing the issues, that can destroy value and reputation.