Survey of Global Organizations Finds Senior Executives Lack Confidence in Their Crisis Management Plans

Morrison & Foerster and Ethisphere release Crisis Management Benchmarking Report, which includes best practices and insights for business leaders seeking to address shortcomings in their companies’ crisis preparedness

12/13/2018

John P. Carlin and David A. Newman

Global Risk + Crisis Management and National Security, CFIUS, Sanctions + Export Controls

Press Release

WASHINGTON, D.C. (December 13, 2018) – Morrison & Foerster, a leading global law firm, is pleased to present the inaugural global Crisis Management Benchmarking Report, which was conducted in partnership with the Ethisphere Institute, a global leader in defining and advancing the standards of ethical business practices.

The report includes the results of a global survey of nearly 250 senior executives in ethics, compliance, legal, communications, and risk functions, from both public and private companies and non-profits across the world. The survey, which was conducted online, included questions about crisis management plans, the roles involved in the development of these plans, how companies prepare their teams, and the ways that companies use outside counsel for crisis management and preparedness. The data from this survey was combined with interviews from large, multinational companies with sophisticated legal, ethics, and compliance programs, as well as from Morrison & Foerster’s partners that have practices in various domains of corporate crisis management, in order to identify best practices for plan development, maintenance, and implementation.

View the Crisis Management Benchmarking Report.

Some key findings from the survey about crisis management plans (CMPs) include:

  • Organizational confidence in CMPs appears to be low, with nearly two out of three senior executives being only somewhat (56%) or minimally confident (10%) in their plans;
  • Cyber breaches continue to be the event most covered by CMPs, with 67% of companies including it in their plans; workplace violence and harassment followed as a close second, with 57% of companies including this event in their plans;
  • In addition to cyber breaches and workplace violence and harassment, companies are planning for a range of other incidents, including intellectual property theft and litigation, terrorism, events relating to a government investigation, environmental damage, bribery and corruption allegations, and product recalls; and
  • Outside counsel are being used for more than just general strategy and planning; approximately two out of five companies surveyed also use outside counsel for advance planning with communications firms (41%), which is a critically important element of a CMP.

“This report gives business leaders insights into current trends involving crisis management response around the world and highlights best practices for crisis planning,” said John Carlin, chair of Morrison & Foerster’s Global Risk and Crisis Management practice group and co-head of the National Security practice group. “Having a well-designed crisis management plan is a critical aspect of being prepared. But too often, as this survey shows, executives lack confidence in their plan and don’t know whether it could be relied upon in an actual crisis. That is why it is so important that organizations practice how they would respond to different scenarios and test whether their plan is workable.”

Interviews with Morrison & Foerster attorneys and senior compliance and ethics professionals helped inform key recommendations covered in the report that will raise organizational confidence in crisis management plans. Examples include:

  • CMPs should be well documented, practiced, quick to implement, and reviewed often; they should also include a plan for implementation if standard system access is not available;
  • Senior-level stakeholders, including boards of directors, need be involved in the process and should conduct annual reviews of their CMPs;
  • Companies should prepare across functions and not in silos; the best and most prepared companies have a crisis management team comprised of cross-functional leaders, all of whom must have good working relationships and regular communication;
  • A CMP should be general, flexible, and adaptable; your plan should be able to cover incidents of all types, from cyber breach to natural disasters, leadership crisis (for example, the death of a CEO) to a dawn raid by government regulators; and
  • Organizations should benchmark their plans annually, having formal, documented crisis management teams, and running drills on key risks areas at least annually.

David Newman, of counsel in Morrison & Foerster’s National Security and Global Risk & Crisis Management practices, previously served in the White House Counsel’s Office and on the National Security Council staff, where he helped coordinate the response to crises ranging from the Ebola outbreak in West Africa in 2014 and international terrorism incidents. He highlighted the importance of ensuring that the response plan reflects input from all relevant components of an organization and is tested with the actual participants who would be called upon to use it through tabletop exercises and other drills. “Don’t prepare in silos. Consider not just preparation within workstreams but true cross-functional planning; part of the purpose of a good tabletop exercise is to give people the experience of working through challenging scenarios and elements of the response. To be able to go fast and also be effective, you have to have practiced.”

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2019 Morrison & Foerster LLP. All rights reserved.