As the provision of legal services becomes increasingly global and dependence on digital technology increases, the potential for disruption is rising exponentially. Risks are becoming more complex and more connected.
Threats, such as terrorism, political violence, kidnap and ransom, and cyber risks can cause serious operational disruption, financial loss or adverse publicity that can impact a firm and its profits. That is why it is important to understand crises and the steps firms need to take in order to manage them.
The British Standards Institution (BSI) defines crisis as an “abnormal and unstable situation that threatens the organisation’s strategic objectives, reputation or viability” and crisis management as “development and application of the organizational capability to deal with crisis”. While your firm may have an incident response plan, incidents are usually something which can be predicted in advance and can be resolved quickly before long-term or permanent impacts occur. Crises, on the other hand, are unique or unforeseen events and can have dire consequences. Failure to respond to a crisis in the correct manner could potentially cripple an organisation and, as this is not something which is part of day-to-day management, companies will need to allocate the time and resource to introduce a crisis management plan.
Research undertaken in 2017 by Gallagher, in conjunction with YouGov, shows that UK companies are keenly aware of the need to build a culture of crisis resilience against the main threats their organisations face, but managing and responding to security threats like cyber extortion, terrorism and emergency repatriation is easier said than done. These incidents are low frequency but high impact – increasingly causing damage to brand and reputation, as well as financial loss and personal injury or loss of life.
The key to a successful crisis management plan is to start as early as possible and have a clear strategic direction including clear communication, effective leadership and a detailed record of all decisions taken. Companies need to shift their mind-set and take a comprehensive approach to building effective resilience aligned to four key pillars of activity: ‘Anticipate, Prevent, Respond, Recover’.