Basil Jarrett | Do you know how vulnerable you really are?

WITH JUST 131 days gone so far in 2023, the banking and security sectors seem intent on dethroning perennial favourites – local politics – for the title of Newsmaker of the Year. If you work in any of these two industries, the last four months have certainly provided enough drama to see out the rest of your career. If you don’t, be thankful. Just don’t get too comfortable, as accidents, incidents, emergencies and crises seem to be lurking perpetually in the shadows, waiting to make you the lead story on the next evening news.

It’s not a matter of if, but when, a disaster will strike. Some are of our own doing and some are completely out of our control. But in all cases, how you manage that incident will not only determine how well you’re able to recover and resume normality, but also how long you will be saddled with the issue. Far too often, however, we tend to compound the problem by making a hash of one of the few things that we actually do have control over – our communications. Specifically, our crisis communications.

TO BE FOREWARNED

Thanks to the massive proliferation of online and traditional communication technologies today, crisis communications planning has and must become an essential part of any organisation’s risk management strategy. In the face of a crisis, companies must be prepared to communicate with all their stakeholders, even competing ones, simultaneously. This includes, obviously, customers and clients; shareholders and media; as well as regulators and employees. But to do so effectively, organisations must first identify and address their inherent vulnerabilities. This will not only help to predict and plan for the communications challenges that will accompany a crisis, but if done properly and given enough priority, may actually prevent a crisis in the first place. That’s where vulnerability audits come in.

A vulnerability audit is an assessment of an organisation’s weaknesses and vulnerabilities in the context of a potential crisis. The goal of the audit isn’t to highlight or single out who’s not doing their job, but rather to proactively identify potential risks and develop strategies to mitigate those risks. This includes identifying and assessing physical vulnerabilities, such as buildings or infrastructure, but also organisational vulnerabilities, such as communication systems and data management. In the case of the latter, for example, a vulnerability audit may identify weaknesses in an organisation’s data management system which could potentially lead to a data breach. With cyberattacks being so commonplace today, especially since the pandemic, any organisation that handles critical data must make vulnerability audits a routine part of doing business. By addressing these types of vulnerability gaps before a crisis occurs, the organisation can reduce the likelihood of a data breach and minimise the potential impact of one. To be forewarned really is to be forearmed.

MIND THE GAPS

Vulnerability audits also have a second very important value. By identifying the most critical gaps, organisations can then focus and tailor their crisis communication efforts toward addressing those specific vulnerabilities which are most likely to occur, cause the most headaches, or have the greatest impact. Let’s say, for instance, that a vulnerability audit identifies that an organisation’s physical infrastructure is at risk of damage in the event of a busy hurricane season this year. The organisation can then focus its crisis communication efforts on developing evacuation plans and procedures to ensure the safety of its employees, but can also pre-prepare communications plans aimed at delivering appropriate messaging should the need arise.

Vulnerability audits can also help organisations to comply with regulatory requirements, instead of allowing a crisis to expose their non-compliance. For example, the healthcare industry is required to have emergency plans in place to respond to public health crises, while banks and financial institutions also have to meet regulatory standards in order to protect customers’ money. By conducting routine vulnerability audits, organizations can identify potential areas of non-compliance and develop strategies to ensure that they meet these requirements in the first place.

Another key but often overlooked benefit of the vulnerability audit is that it can help to build trust with a company’s stakeholders. By demonstrating a commitment to identifying and addressing vulnerabilities, especially ones that affect staff and employee safety, organisations can show their members that they take their safety and well-being seriously. This builds trust and goodwill, which can be invaluable during a crisis.

WHEN DISASTER STRIKES

Of course, conducting a vulnerability audit is just one piece of the puzzle when it comes to crisis communications planning. And regardless of how well-oiled and well-prepared your organisation’s machinery is, something will eventually go wrong. When this happens, there needs to be a comprehensive plan in place to manage communications around the issue. This plan should include clear protocols for who will be responsible for managing the crisis, how information will be communicated to stakeholders, and what steps will be taken to mitigate the impact and protect the company’s reputation in the event of a crisis.

It must include identifying a spokesperson who is trained in crisis communications and knows how to deliver key messages under the most intense, and possibly hostile, conditions. Far too many problems are made unnecessarily worse by poor communications. Here, it is important not to downplay the value of charisma and an empathetic and genuine face. Some organisations make the mistake of trotting out their most technically astute persons, hoping that the public will trust his or her technical credentials. This often leads to a disconnect when there is a wide gap between technical astuteness and human compassion.

And that, I believe, is the challenge for many organisations: how to strike that balance between technical competence and human connectivity. The short answer may be to train your technical people to be less, well, technical. But because charisma and empathy can be difficult to teach and learn, the not-so-short answer may be to ensure that your people with the communications and human connectivity skills are well integrated into your operations and plans from the get-go. Either approach is useful, but, again, only your vulnerability audit will tell you which suits you more.

Major Basil Jarrett is a communications strategist and CEO of Artemis Consulting, a communications consulting firm specialising in crisis communications and reputation management. Send feedback to columns@gleanerjm.com.