Boards have historically used the standard Enterprise Risk Management approach for dealing with crisis. ERM was overseen by the Audit Committee. Typically ERM looked at things like disaster recovery from hurricanes and expanded to oversee areas such as cyber readiness.
While these topics need to be covered, I think the real risk is the fact that we live in the age of social media and a 45 second response to mitigate corporate crisis is what is really required to preserve the company’s brand and engage appropriately with investors, customers, and employees in the community.
Looking at the old ERM format, you listed the ten most likely crisis a company would face.
For example, if you’re a restaurant, the ten terrible crisis you have to have a response for could include: food poisoning, #metoo issue, kidnapping, breach of customer info, armed attack/active shooter, etc.
In today’s world I think boards who perform their ERM and risk mitigation oversight should challenge management teams to have a pre-reviewed “on the shelf” social media response ready to go for the ten most likely risks.
Look at the difference between Starbucks’ speedy response on an alleged…
