Blindsided by a Crisis
BLINDSIDED BY A CRISIS
Spotlight: Bruce Blythe on Clients in Crisis and Risk Management with Jim Satterfield, CEO of Firestorm
Bruce Blythe has been a long-time friend of Firestorm, and as the CEO of Firestorm, I am very pleased to present this first part of a multipart interview and recent Risk Management Spotlight conversation with Bruce. We look forward to further conversation at the 2017 RIMS “Risk Revolution” Conference, April 23-26, 2017, at the Pennsylvania Convention Center. This Spotlight interview with Bruce focuses on what we, as senior leadership risk and crisis management professionals, do when called in to assist our clients in crisis, and leadership’s role when “blindsided” by a crisis. We also discuss the release of the 2nd edition of his book Blindsided: A Manager’s Guide to Crisis Leadership. In this updated and expanded publication, Bruce walks us through two books in one: Crisis Response and Crisis Preparedness.
Jim Satterfield (JS): So Bruce, let’s begin at the beginning: how did you get into Crisis Management?
Bruce Blythe (BB): Well it started in my old Employee Assistance Program days where we doing counseling for employees and family members that were having problems. Escalated crisis assistance calls began to mount: we had one organization that had a shooting; we had another one a kidnapping; another one had a plane crash. I kept getting calls from executives asking, “What do we need to do? We’ve got people that are distressed.” Back in the 80’s, when I first started, people simply weren’t prepared, they weren’t thinking about it. When I sold the employee assistance firm, I decided to get into crisis management because there was obviously a need. So, it kind of chose me as well as my choosing it.
JS: So, what really brought you into crisis management was the human side of the business?
BB: Yes, that’s right. As you like to say Jim, every crisis is a human crisis. I think my background in psychology allowed a solid fit as well.
JS: You say “When I first started, people simply weren’t prepared.” We find a high number of business leaders still aren’t. We ask them “When you think about crisis in general, what keeps you up at night? What gives you nightmares?” I’ll put the same question to you Bruce.
BB: Well I am going to answer for myself here. I sleep pretty well, so nothing really keeps me up at night. I think probably, the point I want to make about that is sure, we can say there are horrible crises that could happen; instead, I think the salient point is that for some people, crisis management and getting involved in crisis management is simply not where their expertise resides. Many people, my wife being one, internalize an external crisis and this creates great distress for them. For me, and I suspect many crisis management professionals, I am able to stand back from the crisis and view it and actions required objectively. I am able to do what I need to do, lead my team and focus on the good we are providing and not lose sleep over the horrible things happen to people and organizations. Instead, I just like to focus on the positive and of course, help people and organizations anticipate and prepare as best as possible for a crisis event.
JS: So, when you get called in, you’ve got this crisis going on or that is starting to occur; what’s the greatest challenge that you see in those initial moments in the crisis?
BB: Well, I think command and control is certainly the issue. If you don’t immediately gain control of the crisis, you’ll always play catch-up. The crisis starts running amuck if you are not there or have the wrong or no people in place. If the right people are in place and they are well briefed, you can start taking control of the situation. If you don’t get ahead of the crisis early on, you’re going to be in trouble.
JS: Do you find management is receptive to having an outsider come in and take over and help direct them where they need to be?
BB: First of all I don’t take over. I’m certainly there to help and I make suggestions, but management is in control and they are the ones that have responsibility. I’m just there to help them with my expertise, to help them in any way I can based upon my broad experience, but by no means by taking over. I wouldn’t want to do that and of course, they wouldn’t want me to as well. Basically, what I am there to do is to draw upon what I have learned over the years of helping organizations in crisis, because when you are inside the “crisis bubble” it’s hard to really focus on what exactly to do when things come so hard and fast. It’s an exceptionally stressful and chaotic time. You have partial information and it’s extremely helpful to have someone you trust, someone there that can bring expertise and calm to the unfolding crisis.
JS: Well you certainly do that and having watched you in action and how people respond to you, it’s very clear that support is there. Clearly, I think people get that the client needs to be front and center. It’s their organization before the crisis, during and after and it’s their job to support it. At Firestorm, we are seeing growth in crises related to the rate of change and the impact that that has on organizations. Can you talk a little bit about the role of change in crisis?
BB: Organizations change and strategic plans include global expansion; or a company expands distribution or manufacturing to another region or country; or a service company begins a manufacturing arm. M&A activity, expansion, reduction, product shift…you name it; every decision, every change within an organization has inherent risks. Having a strong risk manager at the table while strategic decisions are being made allows inherent risk to come to light and fosters the ongoing risk management discussion at the executive management level. Given the velocity of change that is happening in our society and in business, you need to pay attention to what risks lie ahead. If you are not taking a look forward, if you are going headlong into growing your company without considering the risks, if you have no specific risks response plan, then you are putting yourself and your organization at greater risk.
JS: So, when you think about it, change – and associated risk – is really a governance and fiduciary responsibility both for the C-Suite as well as the board. Are you seeing the board become more active from a crisis perspective?
BB: I do see boards becoming more active or at least more concerned. It’s not necessarily the board’s role to be active in a crisis, it’s really management’s responsibility unless the CEO is compromised, and at that point, the company will most likely require help from the outside. While the board doesn’t come in and take over when a crisis happens unless the CEO is compromised (or some other very high level things), it makes sense to think about scenarios ahead of time: at what point do we get closer to the CEO during a crisis and at what point do we stand back, stay abreast of what’s going on but let management do their thing? Those are some questions that I think boards are starting to grapple with and if the board does get involved, how do they handle a crisis? A common characteristic I see with boards right now is that they are not truly crisis prepared and so if they do need to take action, what are they going to do? Good things to think about at this point.
JS: Agreed. We see a board member who suddenly says, “Well, we have to frame this situation, we have to get out in front of it, we have to deal with the media!” In many cases, that’s exactly the wrong strategy at exactly the wrong time. So, I think that the “Noses In, Fingers Out” debate for a board member: do they stick their nose in and asks questions or are they actually getting their fingers in and getting involved – that in itself becomes a pivotal risk factor. I know you’ve been doing a big project looking at this for a technology player. In light of your most recent experiences, tell me a little bit about crisis risks today and what are the greatest crisis risks that organizations face?
BB: Certainly cyber-attacks and the precarious nature of how we are so interconnected is a risk. It’s a heaven and hell, all at the same time. Cyber risk is invisible in many ways – many organizations don’t know they’ve been attacked or compromised. It’s such a huge issue for many organizations; it’s not “If” but “when.” Are we prepared? I think probably the greatest crisis risk ties into social media and social society. It’s a good way to destroy a company. Social attacks allow broad hits on reputation, attacks directed at the brand, at the ability to operate, at the morale of the employees and the loyalty of customers. Certainly, any high-impact crisis is something that needs to be addressed. But, many, many times, and I’ve seen research on this and it comes out year after year, management mistakes tend to be right up there at the very top of what cause crises. Once the media grabs on to management mistakes or issues that have not but should have been considerations, an organization is left vulnerable with no plan. Management must take a look and say, “We need to be prepared for a crisis of our own making, and if we do make a mistake are we ready to respond responsibly and respectfully?”
JS: We have seen a revolution over the last decades in the role insurance plays in crisis management. What role should insurance play when we think about crisis management?
BB: Insurance is one of the risk mitigation techniques that allows risk transfer. A good insurer is going to do more than just provide money; they may also provide consulting to help to minimize their own exposure. I think it’s interesting that the Templeton studies done at Oxford University several years ago, took a look at older organizations that were well-prepared versus those that were not well-prepared. The study found a 22 percent differential in the stock prices between the companies that responded well to crises versus those that didn’t. It’s a very good study and the interesting conclusion is that the way an organization responds is much more important than the insurance itself. Whether an organization was properly insured or not had nothing to do with how well a company recovered later on. For a small organization, if you don’t have insurance and it doesn’t cover some of your assets that may be damaged, well that could put a small business out of business. But insurance is not a panacea; it’s dangerous to think, “Well alright, we’re well insured so we can handle any crisis because we have insurance to cover it.” Certainly, the reimbursement aspect of insurance is not the primary deciding factor. I think though, the idea that you potentially have external resources that could be called in to help support during a crisis makes a difference. Some of the triggers that we’ve seen in the crisis management area however, are onerous, requiring multiple deaths or public declaration of crisis. You could have a crisis where no one had died; you could have a crisis where you don’t want to make a public declaration; complex triggers become burdensome.
JS: What advice would you give to an organization in crisis?
BB: First, you need to get the right people around the table, at the right time, an early time, get the fact pattern and then decide what needs to be done from there. The biggest mistake after crisis hits is that in chaos, you don’t get the right people around the table with the information needed on a timely basis. At a bare minimum, get the right people around the table, get the fact pattern down the best you can – knowing that there is only partial information in the early hours. Organizations need to plan for what historically has been labeled “unplannable.”