The Impacts & Consequences of Today's Issues & Crisis Events

December 18, 2014

Sony & The Wisdom of Moms
aka “Always Wear Clean Underwear”

As your mom used to say, “always wear clean underwear in case you’re hit by a bus,” advice that went unheeded as the bus – in the form of the North Korean cyber attack – flattens Sony.

But if we think the solution to cyber attacks is going to be better technology, we’re focusing on the wrong part of the problem.

We’ve been here before. In 2007, TJ Maxx disclosed a data compromise of the payment information of 45 million of its customers. That event was claimed to be a “game-changer”, a “wake-up call” for anyone concerned about data security. Seven years later, Target was in essentially the exact same situation disclosing 45 million, no wait, 70 million, or maybe 110 million accounts had been compromised. Sony itself experienced a high-profile breach of its Playstation business in 2011, the platform going dark for weeks and 78 million accounts compromised, plus 25 million at its sister company, Sony Online Entertainment.

The real lesson to be learned here is to recognize that we’re living in an age of unprecedented transparency – wanted or not – which requires a new approach to operating and decision-making.

Threatening to sue or otherwise harass reporters who cover events – whether from Sony’s legal counsel or Uber’s SVP of business – is an approach that is doomed not only to failure but to ridicule. It also fundamentally fails to recognize the new reality in which reputation and reputational risk needs to be a primary criterion in an organization’s decision-making approach and strategy, in order to withstand the inevitable external scrutiny.

An organization’s reputation is most at risk during a crisis, probably the one moment in time when leaders all-too readily acknowledge its importance. Outside of a crisis, however, reputation is an after-thought, a secondary consideration to financial, operational or legal drivers. It is only by proactively incorporating reputational risk as a critical variable in decision-making – driving business decisions, policies, ethics and culture at an organization – will organizations be in a position to thrive in today’s transparent and critical environment.
For more info: Our Approach

Or, to draw equally applicable, if often ignored advice – don’t do (or say) anything you wouldn’t want your mom to read about on the front page of the paper.

October 16, 2014

Ebola: When Protective Gear Isn’t Enough

While originally posted on a healthcare focused blog, the recommendations are equally applicable for any organization, particularly those with international operations.

The response to Ebola at Texas Presbyterian in Dallas, Texas, and the transmission to two nursing staff (as of Wednesday, October 15) should be a wake-up call for senior leadership at all healthcare organizations. Training on the appropriate CDC Protocols—is obviously a first priority.  Another critical step is to make sure you have a practiced crisis management capability.

Crises Aren’t Easy

From an outside perspective, Texas Presbyterian’s response has not been as streamlined and effective as it could have been, and it is likely that their crisis response is going to define their reputation for years to come.  Indeed, our experience suggests that it’s the response to the event – rather than the event itself – which is the largest factor in the degree of reputational damage any crisis event or issue causes.

There is a chance that Texas Presbyterian might be given the benefit of the doubt by some stakeholders because it was the site of the first Ebola patient who died and the first transmission in the U.S.  But, that’s not going to be the case for a second hospital.

To Do Now:

Dust off that crisis management plan!  Actually, if your plan does have dust on it, you may already have a big problem, as no one will know what potentially great guidance it might have—or where it needs some work.  Dust-laden or not, your plan should define:

  • When, how and what information is escalated to decision-makers;
  • Coordination expectations and roles and responsibilities between an individual hospital and the corporate offices or equivalent if you are part of a system;
  • The core crisis management team, its leadership, and the role of the hospital CEO;
  • How the team will actually operate in a crisis to ensure understanding of decisions that have been made, who is responsible for executing specific tasks, and importantly, how the team is proactively identifying future risks and issues;
  • Crisis communications protocols, not just with the media but all critical stakeholders, particularly your employee-base and patients.

This is not the same as your emergency response plan.

Testing Your Leadership Team for Ebola.

In addition to the agreed documented procedures, you need to ensure your leadership team is familiar with roles and expectations.  The team should have been or should be “stress-tested” through executive-level exercises.  Depending on your risk, stress-testing can be anything from a two-hour tabletop exercise to multi-day, multi-team, and multi-location functional and full-scale exercise.

Improving Your Chances

Your hospital or healthcare network – let’s hope – may never have a case of Ebola.  However, the planning and procedures you formalize and put in place will benefit you for the broad range of reputational risks your organization faces.  Making it up as you go along – whether Ebola infection prevention and control procedures or crisis management – simply does not improve your chances of success.  For more information on how to get prepared, visit Blue Moon Consulting Group: Crisis Management.


September 18, 2014

Is It Easier to Row the Boat or to Rock It?

What NFL and GM have in common… and something everyone needs to consider.

While the former FBI Director Robert Mueller investigation is on-going, bets are the NFL’s leadership will be cleared.  It doesn’t mean, however that they are blameless.  Among all the noise and chatter about when the Rice tape arrived, if it arrived, who saw it and when, lies a more fundamental challenge almost every organization faces.  Does the organization have a culture that encourages proactively sharing bad news?

Human nature doesn’t help.  Faced with a problem, we all tend to want to solve it first, before confessing that something went wrong. Does a “shoot-the-messenger” mentality at your organization mean that bad news is buried, whether you are out in the field or at HQ?  Is “plausible deniability” more important than facing the issue and starting to address it?  Is it easier to row the boat at your organization or to rock it?  An organization’s culture can either further enforce this mentality or it can define a new set of expectations that are critical to managing reputational risk.

The legal department at GM probably wins the prize for the most egregious recent example of hiding information for fear of the fall-out.  Potentially that is what happened at the NFL also.  Developing a culture in which sharing bad news is not a career-killing step is important.  Developing a defined, understood and enforced escalation and reporting process can signal that culture change.  This isn’t a compliance program or an ethics hotline – rather it needs to be an intelligence-gathering process that allows an organization to get a heads up on issues that are potentially challenging, allowing it the time to make proactive decisions that will both stand the test of time and satisfy stakeholder expectations.
Crisis management isn’t just about how you respond to a crisis once you are in the middle of it.  It’s about identifying issues early enough to prevent them from becoming crises in the first place.