As an industry professional, you're eligible to receive a printed copy of the journal.

Fill out your address below.

Please reset your password to access the new
Reset my password
Welcome aboard, !
You're all set. We've send you an email confirmation to
just to confirm you're you.

Welcome to DRJ

Already registered user? Please login here

Existing Users Log In

Create new account
(it's completely free). Subscribe

As everyone who has ever stubbed their toe knows, the world can be a dangerous place.

Business is not immune to this reality. In fact, sometimes it seems to have a big target painted on its back.

Crises and emergencies happen all the time in the world of business and organizations. Equipment catches fire, chemicals leak, roofs collapse. Storms hit, sinkholes open, and people on company premises trip and are injured or become ill. Sometimes people representing the organization act inappropriately or unlawfully, bringing bad publicity and the attention of law enforcement. Sometimes disturbed people perpetrate acts of violence, turning offices, factories, and warehouses into crime scenes and places of tragedy.

The Trend of Rising Volatility

As if the standard shocks of life weren’t enough, in many respects the world today is growing more unstable. Numerous trends are raising the frequency and consequences of emergencies.

These trends are not limited to the United States. Many experts believe the entire world is entering a period of increased volatility.

To compound the problem, these days our global dependencies make us susceptible to upheavals a world away.

Three Contemporary Threats

Three threats loom largest in terms of the trends elevating the risk level for business. They include climate change, the proliferation of cyberattacks on company computer networks, and the rise of social media.

Climate Change

The reality of climate change is something no prudent leader can ignore. This reality is illustrated by the stories of extreme weather events that have come to dominate the news in recent years. This includes the fires that have affected large areas of California; the hurricanes in Puerto Rico, Florida, and the Bahamas; and record-setting flooding in places as far apart as Houston, Texas, and Venice, Italy.

This anecdotal evidence is borne out by studies and data. This type of weather has brought serious emergencies to many organizations. It brings a realistic possibility of them to many more.


Another trend that is creating new danger for business is the increase in cyberattacks. Over the past generation, we have become dependent on computer networks for doing business and running our organizations, but those networks are increasingly vulnerable to attack.

Every week brings a new story in the news about a municipality wrestling with whether to pay a ransom to hackers who encrypted their data or a corporation that has suffered a data breach and the exposure of their customers’ private information.

The cost of such problems can be enormous, including the inability to provide services, loss of consumer confidence, reputational damage, legal liability, and penalties from regulatory authorities.

Social Media

The third trend raising the risks faced by business is the rise of social media.

Traditionally, we think of an emergency as a situation where first responders come to our facility with their lights flashing. Social media crises are not accompanied by the sound of sirens, but they have just as much potential to harm your organization as any flood or fire. On Twitter and other platforms, complaints against your organization can spread like wildfire, no matter what their proportion of fact to fiction.

A social media mob can damage a company like nothing you’ve ever seen. It can drive media coverage, boycotts, and similar events that can cause lasting damage. Thanks to Twitter and Facebook, a seemingly minor problem can become an existential crisis in the blink of an eye. Problems that in the past might only have been known to a small number or people can go viral within a few hours.

Today any discussion of crisis management for business must address the issue of a social media driven reputational crisis.

Defining the Threat

Here are some of the crises that will almost certainly strike one or more organizations somewhere in the country within a short time of your reading these words (some will be more relevant to your organization than others). We give this list not to keep you up at night, but to help you think about your organization’s readiness and to motivate you to get prepared.

  • Cyberattack
  • Reputational damage
  • Flood
  • Hurricane
  • Tornado
  • Structure fire
  • Wildfire
  • Earthquake
  • Toxic gas release
  • Chemical spill
  • Explosion
  • Civil disturbance
  • Workplace violence resulting in bodily harm and trauma
  • Loss of utilities (power, water, etc.)
  • Ransomware attack
  • Leak of embarrassing internal communications
  • Liability for customer injury or death
  • Loss of data center
  • Loss of key people
  • Company leader charged with wrongdoing
  • Bomb threat
  • Accident involving motor vehicles
  • Pandemic
  • Terrorist attack

Crisis Management Can Help

The high and growing level of the threats businesses are facing is a reality. But here’s another reality, and it isn’t nearly as grim.

Organizations do not have to sit around twiddling their thumbs waiting to get damaged by the next crisis that comes along. They can do something about it.

They can’t prevent every crisis, but they can ensure they are well-trained and prepared to respond when they come, thus reducing the damage they will experience. In short, they can design and implement a good crisis management program.

What Is a Crisis Management Program?

A crisis management program is a collection of organizational arrangements, plans, and training exercises which are established in advance to help a company respond effectively to emergencies.

Crisis management (CM) provides the strategic framework to centrally coordinate and direct the organization in the event of an unplanned disruption. It develops a comprehensive process that incorporates the company’s internal and external resources to respond to a disruption.

A CM program sets up a team to manage crises and a plan for responding to them.

The plan addresses the whole range of crises that might impact the company, whether the causes are natural, technological, or human.

Crisis Management Priorities and Training

During an emergency, a crisis management program has four critical priorities. These are, in order of importance:

  • Protecting life safety
  • Stabilizing the incident
  • Protecting and preserving property
  • Recovering the business

A CM program includes training and exercises for the employees so everyone knows their role and is capable of carrying it out.

The Elements of a Crisis Management Program

A good crisis management program incorporates the following elements:

  • Crisis management team. Includes a leader, primary members, and alternate members. Members should be drawn from a variety of key departments that cross-functionally represent the company.
  • Crisis management plan. A comprehensive plan to direct the team and its response.
  • Crisis management plan document. The written document setting forth the CM plan. Includes checklists to guide team members in responding to the crisis.
  • Crisis communications plan. An important subpart of the CM plan. Outlines the steps that will be taken to convey the appropriate information internally and externally.
  • Command centers. Includes physical and virtual command centers where the team can assemble during a declared event.
  • Training and exercises. Instruction and mock-disaster exercises to improve the staff’s ability to implement the CM plan and respond to emergencies.
  • Maintenance. The CM process and documents should be regularly reviewed and maintained.

Achieving “Organized Chaos”

One thing a CM program cannot do is eliminate the stress and confusion which occur when there is a crisis. However, a CM program can turn the scene from chaos into “organized chaos.”

In organized chaos, things appear confusing, and there might be a fair amount of stress. There is also a tested, familiar, underlying structure in place to guide the company and team’s response.

Experience shows this is what makes the difference between companies that get knocked flat on their back by crisis and those which respond effectively, limiting the damage and quickly getting back to work.

The Price of Neglect

Unfortunately, many organizations do not take advantage of the tools which crisis management provides to help in handling emergencies.

They prefer living with their heads in the sand.

Here are some examples of the kind of neglect we often see while working as crisis management and business continuity consultants:

  • Perhaps 75 percent of companies are unprepared.
  • Many people in positions of responsibility take a casual attitude toward crisis readiness.
  • Too often, what drives the approach to CM is the shortness of people’s attention spans, not the importance of the issue.
  • Many leaders assume their staff will do fine operating by the seat of their pants if and when crisis strikes.
  • Even many companies that have CM teams don’t conduct the necessary training, exercises, and maintenance. These companies have CM programs in name only.
  • At a large number of companies, many people have no idea where they should go if an emergency forced them to evacuate or relocate.

This kind of neglect comes with a price.

When emergencies occur, companies that aren’t prepared tend to learn the hard way that lack of readiness:

  • Leads to greater impacts on people’s lives and safety.
  • Leads to greater damage to property.
  • Increases the amount of time needed for normal operations to resume.
  • Increases the chances the company will never recover.

Staff who are winging it in situations of high confusion and great pressure have a high tendency to take steps that make the situation worse and to miss steps that could make it better.

Setting Up a Crisis Management Program

Organizations of all types and sizes should make adequate preparations for managing crises.

Not only that, but they can do it. It’s not hard or expensive.

Dealing with a crisis might be a high-stakes, high-tension affair but setting up a crisis management program is relatively easy and stress-free. It doesn’t require that anyone be an action hero. It only requires that the people in charge be patient, diligent, and follow through.

If you start now and work on it bit by bit over time, eventually you’ll get to where you need to be.

Spending on crisis management is money well-spent. Being prepared minimizes the impact of the event and heightens the potential for you to respond and recover the business sooner, with fewer impacts to your stakeholders.

A Responsible Approach to Crisis Management

Your goals as a company that takes a responsible approach to crisis management should be to

  • have a well-trained, cross-functional crisis management team.
  • have a defined CM process, methodology, and plan.
  • conduct regular CM training for staff and raise awareness of the CM plan and program.
  • hold regular mock disaster exercises to stress-test the program and challenge team members.
  • keep the CM plans and documentation updated.

Sooner or later, every company is hit by crisis. It’s a matter of when, not if, your company will be impacted by an unplanned disruption at some point. You can choose to be prepared or not.

You need to get your CM planning started today, not tomorrow. It is better to implement 75 percent of a plan and strategy right away than to wait with the goal of implementing 100 percent at a later date.

Organized chaos is much better than chaos.

These days it’s more important than ever that your organization is ready for trouble before it strikes.


  • Organizations today face many threats, including from the new trends of climate change, social media, and the rising rate of cyberattacks.
  • A sound crisis management program can help an organization take control of its fate and turn chaos into organized chaos, if, and when it is faced with an event.
  • Most companies are unprepared, but the responsible thing to do is to begin setting up a good crisis management program.



Michael Herrera is the CEO of MHA Consulting, a leading business continuity planning and information technology consulting firm. Herrera is the founder of BCMMetrics, which specializes in business continuity software designed to aid organizations in developing and executing business continuity programs. ... Richard Long is a senior advisory consultant and practice team leader for MHA Consulting, where he has successfully leads international and domestic disaster recovery, technology assessment, crisis management, and risk mitigation engagements.

The Next Generation of Mass Notification Software: How to bring your EN strategy up to date
In the early morning hours of Feb. 27, 2010, an 8.8 magnitude earthquake rocked the Republic of Chile. It was...
Outages Happen
In late October of 1980, the precursor to the modern internet (ARPAnet) failed for an agonizing four hours. Considered to...
Best Practices for Accounting for People during Crisis Events
In the stressful and chaotic environment of a critical event, it is essential that an organization has accounted for their...
The Difference a Hurricane Can Make: The Change of Louisiana’s Emergency Preparedness Effort
Thewaves of change in emergency management have been numerous sinceSept. 11, 2001. As direct result from these events, Louisiana’sstate and...