I had the opportunity yesterday to address about 50 risk managers representing some of America’s largest, best-known mutual funds. The subject of their two-day conference was mitigating the risks of identity theft, a huge and growing problem for an industry that is growing by leaps and bounds (fully 50 percent of Americans now invest part of their savings in mutual funds).
I was on hand to discuss the crisis communications ramifications of identity theft. The executives were anxious to know how they should respond to, and properly communicate, the next breech, what the media’s motivations are in covering such a crisis and whether there were any "best practices" I could share from other corporate crisis case studies.
Before touching on any of those issues, however, I started my talk by asking two simple questions: "How many organizations represented in the room had a formal crisis plan in place?" Most did. And, "Of those who had a plan, how many had taken the time to simulate an actual crisis to test their processes?" Most hadn’t.
My call to action yesterday was the same one I’ve been sending for years: test your crisis response plan. The last thing in the world an organization wants or needs is to "test" its plan in the harsh klieg lights of live television crews on hand to report on the breaking crisis. Just ask that poor mining company CEO who incorrectly stated that all 12 miners were alive and well when in fact, 11 of 12 had already perished.
Crisis simulation is not a big time commitment. It can be done in as little as three hours. And, its potential benefits are huge. Executives will know exactly what’s expected of them if and when the unforeseen and unexpected occur. They’ll know how to "divide and conquer" in order to make sure every key constituent audience is communicated with during a crisis. They’ll know what to say, to whom, and when. They’ll even be able to measure and evaluate their performance in the immediate aftermath of a crisis.
In today’s world, where a corporate reputation can be destroyed in a nanosecond, it boggles the mind to think that most organizations still don’t invest the time to test their crisis response plans. I had hoped the pre-9/11 mindset of "….it won’t happen to me" had disappeared along with the twin towers. Sadly, and alarmingly, it remains alive and well in Corporate America.