In a recent study conducted by PWCGlobal, a corporate consulting firm, 65% of CEOs stated that they have encountered at least one crisis in the past three years. More than 30% of CEOs predict they will experience more than one cyber security crisis in the next three years. Due to the likelihood of facing a crisis, it is essential that today’s leaders have a clear game plan in place and learn from other companies that have been through a crisis.
The recent Equifax breach of 143 million customers’ data is a prime example of how a lack of proper crisis prevention and response can severely damage an organization’s financial status and credibility. The Equifax hack was first traced to a flaw in their web application tool; however, Equifax admits that although they were aware of the security flaw for two months, they did nothing about it until it was too late and hackers were able to gain access to their data.
According to CNN, Equifax reportedly waited six weeks before alerting the public about the breach (yet three executives sold shares days after they found out about the hack). In what is now termed a PR disaster, Equifax made several other huge missteps, including silence from the CEO following the announcement of the breach. Poor handling of the situation and bad publicity led to key executives leaving the company, including the Chief Information Officer, Chief Security Officer, and Chief Executive Officer.
On the other end of the spectrum is a company that effectively handled a major crisis in 1982. Remember the infamous Tylenol tampering case? Johnson & Johnson CEO James E. Burke was praised for the way he handled the unprecedented attack that killed seven people. Fortune named Burke as one of history’s 10 greatest CEOs; the Tylenol case has become a case study of effective crisis management.
Immediately after deaths were linked to tampered Tylenol bottles, Burke quickly recalled 32 million bottles from all stores, even though he knew it would cost his company millions of dollars. On national TV, Burke announced that his company would stop all sales of the capsule form of Tylenol (because it was seen as vulnerable to tampering), and would switch to solid pills instead. Johnson & Johnson also implemented new triple-seal tamper-proof packaging standards for its products. Because Burke took immediate action and was transparent about the steps taken to ensure something like that didn’t happen again, he minimized long-term damage to the brand.
To ensure your organization is poised to handle a crisis as effectively as Johnson & Johnson did, start by evaluating your level of preparation:
- What are the specific known risks, and are they being properly addressed?
- Is there consistency within your leadership that promotes immediate action and decision making?
- Do you have an incident response team ready?
- Do individual team members clearly understand their specific crisis response tasks and priorities?
- Do you need to fill any gaps with outside resources (such as a public relations or law firm), and has your organization identified these resources?
- Is there a crisis toolkit in place with crisis protocol, resources, and technologies?
- Has the team run through a crisis drill?
- Have you created a culture open for improvement as crises occur?
While no leader ever wants to face a crisis, understanding your risks and formulating a plan is key to minimizing the negative impact when one occurs.