Why Your Business Needs a Crisis Management Plan: Lessons from Sony

Barbara Siegel

Friday, May 08, 2015

The ability to plan for adversities that seem unlikely and improbable is a challenge for businesses and corporations. With any luck, a crisis management plan will be a documented, trained and ready to implement set of procedures that the corporation will never have to put into action until an anomalous event occurs that threatens operational continuity. However when it is needed, a crisis management plan is an essential tool, helping businesses return to operational norms as quickly as possible.

The Sony Cyber Attack

One of the best contemporary examples of effective crisis management was the incident with Sony that began on November 24, 2014. At Sony headquarters in Culver City, California, a skeleton with a text warning appeared on every employee computer screen with a warning. The hacker’s message read “We’ve already warned you and this is just the beginning. We continue until our request [be] met. We’ve obtained all your internal data including your secrets and top secrets. Determine what you will do by November the 24th at 11:00 PM (GMT).”

Unwilling to comply with the demands of the hackers, Sony had private business information, correspondence and even pre-release video and movie collateral shared virally, costing the company millions of dollars as a direct result of the cyber-attack.

At that point for Sony, the corporation headed into digital lock down with a crisis intervention plan which provided contingencies for data breach. Sony’s detailed crisis management plan states the necessity for pre-preparation and was updated in August, 2014 – just three months before their data breach: “Since some events can have a significant impact on the entire Sony Group as a whole, Sony has established a Group crisis management procedure to enable a swift and organized Group-wide response to crises as needed.”

Visit the website for details on the Sony Crises Intervention Plan. The corporation had established and trained for the kind of adverse situation it experienced in November of 2014, and was able to manage the situation and minimize further loss and data breach as a result of preparation.

Keynote Security Expert Dr. Larry Barton

Large corporations like American Airlines, Boeing, Walmart and Johnson and Johnson choose a security expert like Dr. Larry Barton to help them develop qualitative measures and crises intervention plans to help insulate against loss and ensure operational continuity.

Dr. Larry Barton was invited as a special guest keynote at Lake Forest Graduate School of Management and was onsite for our First Friday Event on May 1. Speaking to our audience of managers, business owners and corporate leaders Mr. Barton reiterated the importance of having a formalized crisis intervention plan in place. Share our pictures and read comments from the special event on Facebook.

How to Create an Effective Corporate Crisis Intervention Plan

  1. Start by planning for every possible situation that would impact the normal flow of business for your organization. This includes contingencies for natural disasters, theft and vandalism, fire, power loss, IT and network failure (or data security breach), disease outbreak in staff or infectious disease in the workplace, acts of terrorism, supply chain disruptions and public relations issues (i.e., product recalls, staff or legal problems).

 

  1. Calculate the loss and impact of each adverse event using the “worst case scenario” as a measurement of damage, monetary or reputation loss to the organization.

 

  1. Implement procedures and a plan of reaction that outlines management and staff protocols for each situation. Identify not only steps but also key personnel responsible for leading the crisis intervention. Front line responders must be trained and intervention protocols should be reviewed on an annual basis.

 

  1. Review and implement policies and procedures that could be changed now to minimize risk and exposure for the organization. Evaluate what your business can do today to reduce loss and disruption.

 

  1. Test your crisis management plan in action. Does it clearly define the roles of employees, managers and leadership in the event of a crisis? Does the plan allow for a return to regular business operations (continuity) within a reasonable period of time to reduce loss?

The experience for Sony was, among many things, a wake-up call for businesses in the United States and abroad. If a corporation with the resources and advanced security could be susceptible, so too was every other business equally vulnerable. An effective crisis intervention plan is essential to protect data and property, personnel and personal information, reputation, production and revenue.

 


 

Barbara L. Siegel

 

 

Barbara L. Siegel
Director of Marketing,
Lake Forest Graduate School of Management
LinkedIn

TwitterLinkedInPrintFriendlyShare
 

(Category: , , , , , , )