Companies, governments and society at large are coping with the rising incidence of crisis events including cyber-crime, natural disasters, major product recalls, pandemics, terrorism and war. No company can immunize itself from the possibility of a crisis, but they can be better prepared.
Knowing when an “event” is really a crisis
When do you declare a crisis? Delays can slow response times, potentially making situations worse or even leading to a larger crisis. Yet, delays are common, either because management doesn’t recognize what is happening, or because there’s concern with labeling the event a “crisis.”
Companies should consider defining in advance what constitutes a crisis for them and determining “trigger points” that once reached may indicate a crisis situation. These will be unique to each company and should take into consideration the company’s risk tolerance levels. Examples of trigger points include financial losses above a certain dollar amount, particular networks offline for a specified period of time, reaching specified threshold levels for damage to a physical plant, or even loss of life. Management should discuss their definition with the board.