Dive Brief:

• Companies are more confident about facing a crisis, but they're not really prepared for one, according to a new Deloitte study. In "Stronger, Fitter, Better: Crisis Management for the Resilient Enterprise," 90% of the 500 respondents polled think they can handle a corporate scandal, for example, but only 17% tested their capability through a simulation. 
• Survey results show that 80% of organizations worldwide have had to deploy their crisis management teams at least once in the last two years. Most crises have been cyber- or safety-related (46% and 45%, respectively). Results also show that crises are learning experiences; 90% of organizations that faced a crisis did follow-up reviews and found that many dilemmas could have been avoided. Respondents recognized the need to handle crises better by improving early-warning and detection systems, stepping up prevention efforts and doing more to identify potential crises.
• Deloitte said organizations that keep clear of crises, effectively manage those that occur and get senior management and board members engaged in the process can avoid any catastrophes that may affect their reputation, financial performance, sales and employee morale.  

Dive Insight:

Preparedness for a crisis of any kind is critical for any organization, and a major takeaway from the Deloitte study is the realization that many crises can be avoided. 

Crises caused by misconduct, a lack of diligence, bad judgment or other human failings are avoidable, for example. The most notorious of public allegations of late are the recent string of sexual misconduct claims that ignited the #MeToo movement, Wells Fargo's fake customer accounts and Mylan Pharmaceutical's price-gouging. HR leaders can set ethical standards for their organizations, which forbid behavior or activities considered to be unlawful, immoral or irresponsible. But part of that is getting buy-in from high-level leaders — which also is key to managing crises.

Some more actionable training can take place, as well. With cyber attacks high on the list of business crises, training workers to identify and handle cyber breaches should be part of a prevention strategy.

While some events such as natural disasters can't be prevented, they can be handled well with a plan that includes a communication system for those charged with executing the plan; the safety, protection and evacuation of staff; the backup of essential files and proprietary information; and other measures.