This work has usually been done under the purview of Operations, often under Security, sometimes under Risk and Finance. Resources available to crisis managers often depend on whether the company has to comply with specific resiliency regulations in its industry or not. In the case of the latter, this has often been a heavy inside sales job. The new aspect that 2020 has brought front and center is the need to put some structure around cybersecurity and response. Either way, it still has a heavy program management component, third party management, systems, and processes integration, change management, risk and compliance management, communications – internal as well as external, technology management, and getting things done through people who not only do not report to the crisis manager but are several ranks above. This is where the saying “never waste a good crisis” truly fits. Between crises, this is a persuasion and execution challenge. During the crisis, this is… well, adrenaline.
All emergencies can be loosely classified into two large types: outside and self-inflicted. Hurricanes, wildfires, tornadoes, mass shootings, civil unrest, floods, winter storms, earthquakes come at us from the outside. Datacenter, product, telephony, system outages, cyber incidents are seen as “the company’s fault,” i.e., self-inflicted. Overall, companies manage the first type better than the second and get very positive Net Promoter Scores from the clientele for dealing with the inevitable damage during and after the outside events. Not so with the technology events: NPS scores tank, social media multiplies and magnifies nasty comments from clients, and front line workers take a lot of heat, which has a tremendous negative impact on morale and loyalty. Organizational psychology may be at play here, but this is where the crisis managers spend most of their time and effort.
The number of incidents per year that become crises has gone up in 15 years that I have been in crisis management. Climate change and socio-economic tensions result in 30-35 weather and safety events to manage per year. Technology outages of the scale that requires some serious management can run anywhere between 20 and 50 per year. So, good crisis managers build and run their programs while literally fighting fires every single week.
The economics of it is – people don’t like to think about bad things that can happen, and they would rather have someone else clean the mess when it indeed piles up. And when you do well something others don’t want to do all – you can charge for it!
Crisis management of the future should remove humans from most of the mundane tasks. Let AI receive emergency notifications, check how many associates or assets are under threat, pull the contact data. Let automation push out the safety check. Train the neural networks on analyzing replies, scanning social media, sending client communications. Have IoT trigger emergency supply deliveries. And only in parallel with all this – activate truly human response teams like counseling.
Innovative tools such as cloud, data analytics, Tableau, Alteryx, SQL programming, mass notification apps already help a great deal in cutting down the time that it takes to assess impact, increase availability, account for people, and track the program performance. The Crisis manager of the future is the one who can deploy XXI century tools to respond faster and more effectively. But the job of leading and managing humans to resiliency is still certainly not for the faint-hearted.