The Idea in Brief
You’ve readied your company for natural disasters such as fires and earthquakes. But what about industrial accidents like the Exxon Valdez oil spill and personnel crises such as strikes? And what of deliberate evil in the form of product tampering, cyber-attacks, or terrorist acts? Three out of four companies aren’t equipped to manage such unfamiliar crises.
Why? It’s difficult to accept that such things could happen to our companies. If disaster does strike, most of us can only react. We’re crisis-prone.
By contrast, crisis-prepared companies are proactive. Rather than fighting new wars with old strategies, they force themselves to confront crises they’ve never experienced—or can’t even imagine. These organizations encounter fewer calamities and recover faster. They also stay in business longer and fare better financially.
How to join their ranks? Start by imagining the unimaginable—using surprisingly simple tools.
The Idea in Practice
Envisaging the full range of crises your firm may encounter requires new mental capabilities, confidence, and flexibility. These tools can help:
Wheel of Crisis. With colleagues, build a wheel with a spinner at its center. On it, list categories of crises your company could face, such as “personnel” (e.g., workplace violence), “criminal” (product tampering), “economic” (stock market crash). Take turns spinning the wheel, then brainstorm all possible crises in that category—no matter how bizarre. Combine crises to create even more improbable scenarios.
This process’s randomness frees you from your mental straitjackets. It helped executives at one company combine car bombing and aircraft hijacking to envision “flying bombs,” eerily foreshadowing the 9/11 attacks.
Internal Assassins. Imagine yourselves as internal terrorists. Using knowledge of your company’s products, procedures, and systems, choreograph how you’d destroy the firm. You’ll expose weaknesses and encourage a proactive attitude toward crisis. Example:
When an insurance company had three teams devise swindles insiders or outsiders could carry out, they invented ingenious scams the company wouldn’t have detected. Realizing they were particularly vulnerable to small schemes, managers modified computer systems to red-flag suspicious transactions, however minor.
Mixed Metaphors. Envision grappling with other industries’ vulnerabilities. You’ll identify previously unimaginable threats. Example:
When an electronics manufacturer pictured itself in the food industry, it metaphorically applied that industry’s concerns about pathogens to its own business. It imagined the need to protect itself against product tampering by disgruntled employees or suppliers—its version of food pathogens. It created a system for checking whether product failures had been deliberately caused and then quarantining them for inoculation.
Spy Games. To test your crisis-preparedness, invite outsiders to stage attacks on your company. Banks hire ex-robbers to test their security procedures; computer makers use professional hackers to probe their networks’ safety. Some organizations ask journalists to report on their crisis-prevention plans—with complacency-shattering results.
Crisis Centers. Establish a crisis center whose head reports to the CEO, COO, or CIO. The center develops prevention and response plans for events in each crisis family; amplifies and distributes pre-crisis signals to executives; conducts regular audits and training; and establishes alternative work sites in case facilities are destroyed.
Over the last 19 months, the sheer spate and scope of crisis, from terrorism to Tyco, has forced firms to reevaluate the state of their crisis preparedness. Businesses that had crisis management plans in place reviewed and reinforced them. They analyzed the causes of each disaster and near disaster they had faced in the last five to ten years, calculated the costs, and evaluated the risk of recurrence. But despite doing it by the book, many companies have found that a sense of security eludes them still.