Lessons learned from 2017 | Deloitte UK has been saved
Limited functionality available
The past year has cemented crises as an unavoidable part of the modern business, political and regulatory landscape. The Grenfell Tower tragedy led to national outrage at public and private sector failures, while natural disasters rocked North and Central America with Hurricane Irma and earthquakes in Mexico. Cyber-attacks continue to disrupt organisations and internal scandals pulled global businesses into the limelight for all the wrong reasons.
It is inevitable that 2018 will continue to see organisations hit by crises, so what can we learn from the past and what might this year hold? We’ve outlined our top lessons from 2017 and have predicted areas to look out for over the year aheaad.
Media focus has been erratic and unpredictable
It is becoming increasingly challenging to predict which stories will consume the news agenda. 2017 saw major business disruptions caused by crises receive varying levels of media attention with no particular rhyme or reason, while seemingly minor customer incidents dominated headlines. Social media’s role in this selective amplification cannot be ignored – with organisations finding it increasingly hard to contain a crisis once it’s reached the online public domain.
1. Understand the unpredictability and reach of social media
2. Develop a social media strategy to manage unwanted attention
Clear communication is as important internally as it is externally
Employees can be an organisation’s greatest strength, but can also be the greatest risk. Disgruntled, careless or uninformed employees can cause physical security incidents, data breaches and damage to an organisation’s reputation. Increased levels of terrorism and cyber incidents show these risks need to be understood by employees now more than ever.
1. Keep employees well-informed and promote a culture that encourages notification of incidents
2. Have clear guidelines in key areas and learn how to hold people to account
Technology resilience is key
No organisation is immune to a cyber-attack – as incidents such as WannaCry and NotPetya showed – and all organisations have a responsibility to do everything they can to continually review and enhance their approach to cyber security. Just as importantly, it is essential to have a robust process in place to ensure an appropriate response for such an event.
1. Improve the technical resilience of technology systems and complete regular back-ups
2. Have a clear response protocol ready in advance
3. Prepare for the worst to support an effective recovery – no organisation can ever be fully protected from a cyber-attack
Cyber will continue to be a challenge and grow to become a threat
Cyber incidents have plagued businesses over the last few years. In 2018 critical infrastructure is likely to be the target of cyber-attacks which could have a significant impact. As a result, there should be an increased focus on planning for critical infrastructure failures or malicious attacks, particularly for the power network, water, food distribution, telecoms and payment systems.
The introduction of the General Data Protection Regulation in May 2018 will bring hidden crises into the public domain as organisations will be forced to report cyber incidents. Failing to be transparent could have significant impacts on an organisation’s reputation, as seen in 2017.
1. Think more carefully about cyber and the connections with critical infrastructure in your business
2. Get ready for GDPR et al.
Political instability will be a factor in major crises
With Brexit talks underway, US mid-terms scheduled for November and a general polarisation in global politics, crises will become even more politicised in 2018. Players will use organisations’ crises to push agendas, blame opponents and provoke frustration at corporate malpractice or governmental failure. Political instability will continue to impact financial markets and international trade, putting pressure on global economies.
1. Remain aware of the changing political landscape and the potential consequences for your organisation
2. Consider an influencing strategy to protect your interests and align your stakeholders
Crises from within should be avoidable, but won’t be
Crises caused by internal events have been common in 2017, largely due to some form of failure in operational discipline, and this is likely to continue this year. Every organisation must be prepared to respond to past or current allegations publically, with what used to be just personnel issues now regularly in the media glare. Allegations like workplace harassment will continue to foster public distrust of businesses and the elite and form a key item on the media agenda.
1. Promote an ethical culture in your organisation to build employee and public trust
2. Prepare a strategy to handle historical allegations of internal misconduct
The inevitability of crises is a fact organisations must face in 2018. It is impossible to prevent every scenario, but steps can be taken now – from developing response plans to promoting a positive culture – to help your organisation become more resilient over the coming year.
Simon leads the UK Crisis and Resilience practice. Simon is an experienced forensic practitioner, with over 16 years’ experience as a partner. He has extensive experience of working with special committees drawn from the boards of organisations to oversee forensic reviews and investigations into sensitive incidents and circumstances which have led to public, regulatory and government scrutiny. Simon has interacted with, and overseen the preparation of reports and material that have been provided to, various regulatory bodies. Simon is also an experienced disputes practitioner, acting in court, arbitration and determination processes. He has been named by Who’s Who Legal as one of the leading experts in quantum of damages and investigations.