CEO

After the crisis, what comes next: a primer for boards and CEOs

Critical takeaways

  • It’s normal to want to move on once a crisis recedes but this is when CEOs and Boards need to learn the lessons from the crisis to improve their resilience.
  • Skills gaps should be closed and technical mastery sought but businesses should also be reevaluating their risks to make sure they are properly prepared. 
  • Technical mastery and greater risk readiness will allow you to transform your organization and to become more crisis resilient

Imagine yourself as a CEO or a board member of an organization that’s recently gone through a reputation-impacting crisis. It could have been a data breach or sexual harassment accusations. Possibly charges of fraud or something related to product tampering. Whatever it was, the crucible of crisis is behind you. The question now is, what do you do next?

I’m not the first to ask this question and a few years back, Deloitte released a fascinating survey of board members and CEOs called ‘A Crisis Of Confidence’. It’s an excellent conversation with board members and CEOs reflecting on what they learned after a crisis had died down. One of the most notable findings was that there was no single point that stood out, although there were some common themes: 

  • A wish that they had done more crisis exercising
  • A desire for a better understanding of the risks they faced
  • Many of them noted gaps in applicable skill sets and an overall lack of crisis readiness
  • Several felt that early warning systems would have helped
  • Many believed that they could have been more effective communicating internally and with partners, allies, and stakeholders.

For more information, I encourage you to check out the report.

However, as a CEO or board member, you don’t need to wait for Deloitte’s call to reflect on what just happened. The ability to perform this kind of self-assessment and introspection close to the event is key to developing an infinite mindset and treating crises as edgeless. Plus, you increase your chances of avoiding a repetition of the same mistakes in the future. You’ve survived the crucible of crisis and should be proud of that, but there’s still work to be done.

First, you need to convene the organization’s decision-makers and start to reflect on what went well and what didn’t. Identify members of your team that are better suited for this type of work than others. Examine how you interacted with the Board and vice versa. Where were there skill gaps, and where were processes robust and effective? What did your internal communications look like? What about external messaging? Did you manage to achieve speed?

Next, you need to look at your successes and ask yourself how much was due to excellent strategies and superior communications and how much was dumb luck and good fortune? Remember, the 20/20 hindsight  you have allows you to be honest and to learn the real lessons from the crisis.

Now you face a choice between two courses of action. Luckily, these aren’t mutually exclusive. 

 

Technical mastery

The first option is to focus on closing gaps and improving the organization’s crisis readiness. You want to see your chain of command enhanced and strengthened. You want to understand how your mission and values align with that chain of command to make you faster. You want to hone the skill sets of your communications team to ensure they can craft smart, clear messages under pressure. And you want to make that your operational subject matter experts (SMEs) are genuinely aligned with your communications operation. 

All of those create workflows. All of those create tasks and responsibilities of improved crisis readiness. All this helps you achieve technical mastery, building on the experience you just survived.

Achieving awareness

The second thing that this hindsight provides is an opportunity to begin a parallel journey of greater risk awareness. You need to catalog and look at your risks – both those that caused the crisis and your risks in general – and determine if you are genuinely aware of your risk environment. Use something like our strategic, preventable, and external risks framework to properly understand your risks and the implications they could have on your organization. 

Then you can start the work of mitigating these risks and strengthening your resilience.

Identify those that, from a public standpoint, pose the greatest risk and single out those where you can actually change their direction. Some external forces – such as force majeure, weather, and some criminal events – are things where you have very little ability to make a change. However, other strategic risks are areas where you have a great deal of influence.

But in order to be successful, you need to tackle head-on the risks that have the potential to crush your company’s reputation. You need to look deep within your organization and understand the dangers that lie there. Ask your executives and SMEs about emerging risks: those things that lie beyond what you currently manage but know are approaching. What do the new technological frontiers, such as automation and AI, mean? What kinds of legislation relating to data privacy might be coming? Where does political instability threaten your supply chain or customer base? 

Then you need to identify your gaps and begin to mitigate those risks. Generate buy-in and align operations with communications so you can start to tell these stories, build stakeholder relations, and develop your resilience.

In short, begin to transform.

Be a phoenix, not a V2.0

Developing technical mastery is essential and I believe that this is a fundamental requirement in the aftermath of a crisis. Gaps must be closed and risks better understood to avoid a repeat performance. But without significant change, the emerging organization is essentially just a V2.0 of what existed before the crisis.

Instead, I believe that organizations need to begin a journey of transformation to become a genuinely reputation-resilient organization. 

This starts with boards and CEOs driving real change in technical crisis readiness and forcing much greater risk awareness. Addressing the more challenging risks is significantly more challenging and a much more arduous path, particularly when this comes on the heels of a crisis. But this is where real transformation takes place. So use that 20/20 hindsight to improve both aspects of your organization and transform your organization into something bigger, better, and more resilient. 

Emerge as a phoenix, not just a V2.0.