How can I be sure it won’t happen to me? Lessons learned from 2017 and predictions for 2018

It is inevitable that 2018 will continue to see organisations hit by crises, so what can we learn from the past and what might this year hold? We’ve outlined our top lessons from 2017 and have predicted areas to look out for over the year aheaad.

Lessons learned from 2017

Media focus has been erratic and unpredictable 

It is becoming increasingly challenging to predict which stories will consume the news agenda. 2017 saw major business disruptions caused by crises receive varying levels of media attention with no particular rhyme or reason, while seemingly minor customer incidents dominated headlines. Social media’s role in this selective amplification cannot be ignored – with organisations finding it increasingly hard to contain a crisis once it’s reached the online public domain.

Lessons:
1. Understand the unpredictability and reach of social media
2. Develop a social media strategy to manage unwanted attention

Clear communication is as important internally as it is externally

Employees can be an organisation’s greatest strength, but can also be the greatest risk. Disgruntled, careless or uninformed employees can cause physical security incidents, data breaches and damage to an organisation’s reputation. Increased levels of terrorism and cyber incidents show these risks need to be understood by employees now more than ever.

Lessons:
1. Keep employees well-informed and promote a culture that encourages notification of incidents
2. Have clear guidelines in key areas and learn how to hold people to account

Technology resilience is key

No organisation is immune to a cyber-attack – as incidents such as WannaCry and NotPetya showed – and all organisations have a responsibility to do everything they can to continually review and enhance their approach to cyber security. Just as importantly, it is essential to have a robust process in place to ensure an appropriate response for such an event.

Lessons:
1. Improve the technical resilience of technology systems and complete regular back-ups
2. Have a clear response protocol ready in advance
3. Prepare for the worst to support an effective recovery – no organisation can ever be fully protected from a cyber-attack

Predictions for 2018

Cyber will continue to be a challenge and grow to become a threat

Cyber incidents have plagued businesses over the last few years. In 2018 critical infrastructure is likely to be the target of cyber-attacks which could have a significant impact. As a result, there should be an increased focus on planning for critical infrastructure failures or malicious attacks, particularly for the power network, water, food distribution, telecoms and payment systems.

The introduction of the General Data Protection Regulation in May 2018 will bring hidden crises into the public domain as organisations will be forced to report cyber incidents. Failing to be transparent could have significant impacts on an organisation’s reputation, as seen in 2017.

Actions:
1. Think more carefully about cyber and the connections with critical infrastructure in your business
2. Get ready for GDPR et al.

Political instability will be a factor in major crises 

With Brexit talks underway, US mid-terms scheduled for November and a general polarisation in global politics, crises will become even more politicised in 2018. Players will use organisations’ crises to push agendas, blame opponents and provoke frustration at corporate malpractice or governmental failure. Political instability will continue to impact financial markets and international trade, putting pressure on global economies.

Actions:
1. Remain aware of the changing political landscape and the potential consequences for your organisation
2. Consider an influencing strategy to protect your interests and align your stakeholders

Crises from within should be avoidable, but won’t be

Crises caused by internal events have been common in 2017, largely due to some form of failure in operational discipline, and this is likely to continue this year. Every organisation must be prepared to respond to past or current allegations publically, with what used to be just personnel issues now regularly in the media glare. Allegations like workplace harassment will continue to foster public distrust of businesses and the elite and form a key item on the media agenda.

Actions:
1. Promote an ethical culture in your organisation to build employee and public trust
2. Prepare a strategy to handle historical allegations of internal misconduct

The inevitability of crises is a fact organisations must face in 2018. It is impossible to prevent every scenario, but steps can be taken now – from developing response plans to promoting a positive culture – to help your organisation become more resilient over the coming year.