Tag Results: crisis management

December 18th, 2014

Sony & The Wisdom of Moms
aka “Always Wear Clean Underwear”

As your mom used to say, “always wear clean underwear in case you’re hit by a bus,” advice that went unheeded as the bus – in the form of the North Korean cyber attack – flattens Sony.

But if we think the solution to cyber attacks is going to be better technology, we’re focusing on the wrong part of the problem.

We’ve been here before. In 2007, TJ Maxx disclosed a data compromise of the payment information of 45 million of its customers. That event was claimed to be a “game-changer”, a “wake-up call” for anyone concerned about data security. Seven years later, Target was in essentially the exact same situation disclosing 45 million, no wait, 70 million, or maybe 110 million accounts had been compromised. Sony itself experienced a high-profile breach of its Playstation business in 2011, the platform going dark for weeks and 78 million accounts compromised, plus 25 million at its sister company, Sony Online Entertainment.

The real lesson to be learned here is to recognize that we’re living in an age of unprecedented transparency – wanted or not – which requires a new approach to operating and decision-making.

Threatening to sue or otherwise harass reporters who cover events – whether from Sony’s legal counsel or Uber’s SVP of business – is an approach that is doomed not only to failure but to ridicule. It also fundamentally fails to recognize the new reality in which reputation and reputational risk needs to be a primary criterion in an organization’s decision-making approach and strategy, in order to withstand the inevitable external scrutiny.

An organization’s reputation is most at risk during a crisis, probably the one moment in time when leaders all-too readily acknowledge its importance. Outside of a crisis, however, reputation is an after-thought, a secondary consideration to financial, operational or legal drivers. It is only by proactively incorporating reputational risk as a critical variable in decision-making – driving business decisions, policies, ethics and culture at an organization – will organizations be in a position to thrive in today’s transparent and critical environment.
For more info: Our Approach

Or, to draw equally applicable, if often ignored advice – don’t do (or say) anything you wouldn’t want your mom to read about on the front page of the paper.


October 16th, 2014

Ebola: When Protective Gear Isn’t Enough

While originally posted on a healthcare focused blog, the recommendations are equally applicable for any organization, particularly those with international operations.

The response to Ebola at Texas Presbyterian in Dallas, Texas, and the transmission to two nursing staff (as of Wednesday, October 15) should be a wake-up call for senior leadership at all healthcare organizations. Training on the appropriate CDC Protocols—is obviously a first priority.  Another critical step is to make sure you have a practiced crisis management capability.

Crises Aren’t Easy

From an outside perspective, Texas Presbyterian’s response has not been as streamlined and effective as it could have been, and it is likely that their crisis response is going to define their reputation for years to come.  Indeed, our experience suggests that it’s the response to the event – rather than the event itself – which is the largest factor in the degree of reputational damage any crisis event or issue causes.

There is a chance that Texas Presbyterian might be given the benefit of the doubt by some stakeholders because it was the site of the first Ebola patient who died and the first transmission in the U.S.  But, that’s not going to be the case for a second hospital.

To Do Now:

Dust off that crisis management plan!  Actually, if your plan does have dust on it, you may already have a big problem, as no one will know what potentially great guidance it might have—or where it needs some work.  Dust-laden or not, your plan should define:

  • When, how and what information is escalated to decision-makers;
  • Coordination expectations and roles and responsibilities between an individual hospital and the corporate offices or equivalent if you are part of a system;
  • The core crisis management team, its leadership, and the role of the hospital CEO;
  • How the team will actually operate in a crisis to ensure understanding of decisions that have been made, who is responsible for executing specific tasks, and importantly, how the team is proactively identifying future risks and issues;
  • Crisis communications protocols, not just with the media but all critical stakeholders, particularly your employee-base and patients.

This is not the same as your emergency response plan.

Testing Your Leadership Team for Ebola.

In addition to the agreed documented procedures, you need to ensure your leadership team is familiar with roles and expectations.  The team should have been or should be “stress-tested” through executive-level exercises.  Depending on your risk, stress-testing can be anything from a two-hour tabletop exercise to multi-day, multi-team, and multi-location functional and full-scale exercise.

Improving Your Chances

Your hospital or healthcare network – let’s hope – may never have a case of Ebola.  However, the planning and procedures you formalize and put in place will benefit you for the broad range of reputational risks your organization faces.  Making it up as you go along – whether Ebola infection prevention and control procedures or crisis management – simply does not improve your chances of success.  For more information on how to get prepared, visit Blue Moon Consulting Group: Crisis Management.