The history of the world is a study of crisis—natural and manmade. How well we deal with it, if at all, is what sets us apart as a species—not to mention bankruptcy.
Fire, flood, product adulteration, oil spills, airline crashes, pandemics, active shooter situations, and massive data breaches, often the result of corporate and leadership malaise, seem to be everyday occurrences. And lying in the weeds is insatiable mainstream and online media that feed off everything, exacerbating an already miserable situation.
It makes no difference if your brand has been around for one year or 100 years. Everyone is vulnerable to the slings and arrows of outrageous disasters. In fact, a crisis is virtually inevitable at some point in the life of any company. The worst thing is to believe that it can’t happen to you.
But you do have a choice. You can hunker in the bunker and wait for the storm to pass, or get ahead of the story by embracing crisis management, not as a necessary evil but as a corporate imperative that can save a company from a firestorm of public condemnation and keep a brand from falling into a bottomless pit.
Given the state of the world, this should be common sense. But too many companies are in denial. Or, they pay crisis management consultants six- or seven-figure fees to study potential vulnerabilities and come up with detailed plans on how to mitigate or avoid them, only to put 1000-page reports on the shelf to collect dust.
When they suddenly need help, they find that the guy who spearheads the crisis management team left the company five years ago, the emergency number is now a Taco Bell in Oxnard, and as a result, everyone’s running around like chickens with their heads cut off—which is a crisis in itself.
In any crisis, a company must position itself as the voice of trust and credibility to make sure both employees and customers feel safe and that the company in question is taking every step to protect them.
An unexpected crisis seems to be an opportunity for companies to shoot themselves in the foot. Take the case of some high-powered tech firms. Despite high profile data breaches, companies like Google, Apple, and Microsoft are resisting government requests for encrypted information that could uncover hackers or other cyber criminals.
The government feels lawful hacking would go a long way toward preventing data breaches and other crimes. The tech companies are convinced this is a bad idea leading down that slippery slope called violation of privacy. They see it as a digital wiretap that would only weaken their own cyber-security efforts. The result so far is a Mexican standoff with vulnerable consumers caught in the middle.
Frankly when I hear the term “crisis management” I get a mental picture of executives rearranging the deck chairs on the Titanic in a disingenuous attempt to spin the story their way. But there are valuable lessons to be learned from companies that have done things the right way, as well as from those that have mucked things up.
When I was a young reporter (and yes, that was after the invention of moveable type) I covered the 1982 Tylenol crisis in which seven people died from cyanide poisoning. At the time Tylenol was Johnson & Johnson’s most powerful product, controlling nearly 40 percent of the painkiller category. Without hesitation, the company pulled every bottle of Tylenol off the shelves—31 million bottles with an estimated $100 million value—rather then wait for evidence.
J&J immediately got ahead of the story by disseminating warnings to the public, putting up a $100,000 reward for the perpetrators, and updating the public and the press with almost daily briefings and conference calls with then-chairman James Burke.
The situation had the widest news coverage since the assassination of President Kennedy, and by handling the situation properly, J&J recovered from being the victim of a heinous crime to successfully re-establishing its brand with consumers.
In 1993, a syringe was allegedly found in a Pepsi can. It turned out to be a hoax. But rather than dismiss it as such, the company put out videos detailing the safety measures in the canning process and their CEO became a media staple.
A few years ago when ice storms savaged the East Coast and JetBlue cancelled 1,000 flights, the CEO didn’t stand there on camera blaming the weather. He apologized to customers and the company then developed its customer bill of rights.
Of course, missteps get the most attention and there have been some doozies.The classic example of how not to respond comes courtesy of BP Oil and the explosion of the Deepwater Horizon drilling rig that killed 11 people and the subsequent oil spill that ruined the livelihoods of countless thousands around the Gulf of Mexico. The lack of empathy and the cover-up on the part of the company was typified by then-CEO Tony Haywood who said in an interview, “I want my life back”—a statement that unleashed a public anger from which the company is still trying to recover.
One consistent rule of thumb is: Don’t blame the customers. That didn’t stop Lululemon founder Chip Wilson from claiming in an interview on Bloomberg TV that differences in women’s bodies were to blame for transparent yoga pants. Open mouth, insert foot!
American Apparel has also had its share. In addition to salacious emails and comments to female associates from former chairman Dov Charney, the company used Hurricane Sandy to stage a sale. People were worried about their homes and livelihoods and the company put out an email blast stating: “In case you’re bored during the storm, 20 percent off everything for the next 36 hours.” Self-promotional and pompous does not take the place of compassion.
I’d be remiss if I didn’t mention Target’s lack of reaction before, and after, its massive data breach. Security managers reportedly ignored signs of the breach and the company was slow to follow up afterwards, except to have the CEO and CIO fall on their swords.
The right way to handle a data breach came from Anthem, the nation’s second largest healthcare provider.
The company itself discovered and immediately reported the breach, and then used the media in order to get the message out to customers. At the same time they alerted the FBI and brought in a third-party to investigate.
Chipotle Mexican Grill, one of the high flyers in healthy fast food was hoisted on its own petard after hundreds of people in about 13 states were sickened by E. coli outbreaks, the source of which has yet to be determined.
The company, which in the past was quick to condemn competitors for not being natural and healthy, got a big dose of its own medicine with customers staying away in droves and sales plummeting 30 percent in the last quarter.
Chipotle quickly turned into the poster child for what not to do. It seemed most concerned with appeasing Wall Street to stop the slide in its stock price, but provided loyal customers with little information on what was going on and did nothing that would rebuild confidence in the brand.
Recently, Chipotle ran apology ads in 61 newspapers outlining food safety initiatives which now include, centralization of produce preparation, as well as a greater focus on food safety and employee practices. But whether consumers—particularly millennials who are among the chain’s most ardent patrons—like the big burritos enough to forgive the transgression remains to be seen. It’s going to be a long road back for Chipotle with some significant brand rebuilding needed.
Good public relations is the essence of crisis management. But you can’t simply spin a bad situation and expect to come out clean on the other side. There are proactive steps every company must take:
- Develop a crisis management plan with clear objectives that’s regularly updated. People have short memories and something that’s a crisis today becomes less urgent as time goes on, but still deserves the same level of attention.
- Work out a business continuity plan for all divisions and every department.
- Include crisis preparedness information in employee newsletters and emails, and set up a calling tree that can be used to communicate with employees using an out-of-town number in case local lines are down.
- Top executives must be proactive and readily available. Establish a crisis management team with staff from every part of the company. Make sure everyone is briefed on proper protocols.
- Identify a spokesperson that can be contacted for updates and make sure they’re prepared to answer all media inquiries. Some experts believe in setting up a separate media team to monitor blog and website chatter.
- Don’t get into an online bar fight with enthusiastic bloggers. Ignore rude or aggressive comments. Use social media strategically. Just try to set the record straight and help people understand the situation.
- Don’t hold back! People want honesty and transparency. If you don’t give it to them, you’re fueling the rumor mill and a second crisis is born.
- Don’t analyze crisis management from a cost/benefit perspective. You can’t view crisis management as spending money on something that might never happen. Again, it’s not a question of if but when something will happen and, when it does, how deeply it will impact the business.
- Establish an offsite mobile command center(s) in the event of natural disasters.
- Maintain constant, open communications with local, state, and federal law enforcement.
- After a crisis has passed, convene everyone involved and critique what was done well and what could be improved. It’s an opportunity to adapt plans accordingly.
I leave you with a quote from the Oracle of Omaha, Warren Buffett, who said: “It can take 20 years to build a reputation and five minutes to ruin it.”