Equifax. United Airlines. Uber. What do these three companies have in common?
The answer may not be as obvious as you think. All three faced crises in recent months, to be sure, but so did many, many others. Long before the string of negative headlines, CEO mea culpas and congressional scoldings, what bound these companies together is that they all screwed up their initial response -- and in the process took what may have been manageable events and turned them into full-fledged PR nightmares.
Our research, in fact, has shown that, in nearly every case, it is not the severity of the event itself, but rather a fumbled initial response that is the defining characteristic of any corporate crisis with staying power. For my new book Chief Crisis Officer: Structure and Leadership for Effective Public Response (ABA Publishing, 2017), we looked at hundreds of companies that confronted crises, from the physical (like an accident or plant explosion) to the virtual (like a data breach or legal matter). In every case where the event did negative reputational damage, the first few days -- sometimes weeks -- were characterized by curt, tone-deaf responses, lack of empathy or a fallback to legalistic, usually unfeeling, technicalities.
Indeed, of the major crises that have made headlines in the past decade, we couldn’t find a single event where a fumbled response didn’t play a central role in causing the event to spin out of control. Think BP, Volkswagen, or the Sony and Target data breaches. Each time, the bungled response was like pouring gasoline on a fire: it fanned the flames of public outrage, allowing the heat surrounding the event to rise to uncontrollable levels. And in this age of social media, if you are not ready to instantly respond at the speed of a Tweet or Facebook post, you’re likely to face a similar firestorm, regardless of the actual substance of the issue at hand.
And, in most cases, there is another unifying element: the crisis event in question struck so closely to the central mission of the organization that they clearly should have seen it coming. Consider the recent example of Equifax. One might reasonably expect that the one potential crisis the company should have been ready for was a data breach, given that they’re in the data business. But clearly, there was little planning at Equifax regarding how to respond publicly in the face of such event. Indeed, since the company disclosed in early September that the private data of 143 million customers had been breached, a series of self-inflicted blunders have not only torched its reputation, but -- perhaps just as damningly -- exposed the shocking lack of preparedness for this worst-case scenario.
Or consider United Airlines. As the graphic video of a passenger violently dragged off United Flight 3411 was going viral, United failed to recognize the severity of what they originally referred to as an “overbook situation.” Even after CEO Oscar Munoz tweeted out an apology “for having to re-accommodate these customers,” he “emphatically commended” employees on following protocol in a companywide email. It was only days later, after it was clear that the firestorm was only growing, that United directly apologized to the victim Munoz had initially called “disruptive and belligerent.”
Uber, too, faced a series of events touching the core of their operations, including passenger safety, the treatment of drivers and employees, and municipal regulations. Uber’s founder and recently ousted CEO Travis Kalanick earned his reputation as the bawdy boy wonder of Silicon Valley by running Uber like a frat house. When all those issues came to roost this year, Uber scrambled to outrun trouble. By the time the company came around to recognize the damage, the various scandals had transformed into a major reputational crisis.
In each case, the companies in question chose to ignore a problem until it had evolved into a full-blown crisis. More than this, in each case it was a crisis they should have seen coming: Equifax is in the data business; United Airlines and Uber in the passenger business. Going back further, consider BP’s reaction to the Deepwater Horizon oil spill. They’re in the business of drilling for oil. You mean to tell me no one in the organization ever thought about what might happen if a drilling rig caught fire and collapsed?
So what is to be done?
As a first step, companies should get over this notion that there are just too many potential crises out there to plan for any one effectively. I’ve heard this cliché repeated in the conference rooms of Corporate America for nearly two decades. It’s untrue. No matter its size, there are a limited number of scenarios -- be it 10, 30 or 50 -- that any company might face. There may be variations, of course, but the core universe is limited and definable. Figure out what those potential crises are and plan your reaction now.
Moreover, with technology facilitating response, you can execute on any of those potential crisis scenarios at the speed of Twitter, Facebook or other modern forms of communication. Crisis plans shouldn’t be binders gathering dust on corporate shelves, nor a complicated set of protocols buried in your corporate server somewhere. Technology exists today to have an executable plan accessible for a range of scenarios from any computer, tablet or smartphone. Like a football coach who has his color-coded playbook on a laminated sheet in front of him on the sidelines, your organization’s crisis team needs to have the plan at their fingertips. The right technology can alert the team, bring them together, and give them the tools, checklists and templates to craft a response at the speed of the modern crisis.
Finally, leadership. Company leadership needs to step up and put the type of planning, protocols and technology in place to ensure efficient and effective response. Just as that same football coach wouldn’t send his players onto the field and only then make up the plays, companies should take pains to ensure that tomorrow’s potential crises are part of the planning process today.