The role of HR leaders through crisis events
Today’s world is unpredictable, so it’s essential for HR professionals to lead the way when it comes to planning for crisis situations.
Following a series of high-profile crisis incidents, response protocols and planning have become a major focus for many UK businesses.
Given the varied and unpredictable nature of attacks in a modern, digital era, it is critical that HR professionals take the lead in training and educating their people to build on-the-ground resilience against a stressful scenario – no matter how small their business.
In today’s global, highly digitised, interconnected and volatile world, businesses are more likely to face a crisis event than ever before. Crisis events, which we define as a terrorist attack, cyber attack or cyber extortion, an act of industrial espionage or product tampering which incurs financial loss and/or business interruption, are ongoing risks for UK businesses.
Beyond the financial impact of crises on SMEs, which can be immediate, such events can have a lasting impact on the health and wellbeing of firms’ employees.
In 2018, the Skripal attack in Salisbury powerfully demonstrated the fact that no UK business is safe.
In today’s heightened threat environment, most UK cities are well primed to respond to a major incident, but no one could have anticipated that the community at the heart of this quiet Wiltshire cathedral city would be the centre of a nerve agent attack.
Businesses in central Salisbury continue to be significantly impacted by this incident, and few were adequately prepared for the prolonged closure of the main economic thoroughfare and resulting denial of access, not to mention the longer-term psychological impacts on people living and working in the area.
Looking ahead, businesses must think critically about their resilience to a worst-case scenario and how such an incident would impact their people, premises and logistical operations.
For HR leaders, the onus must be on equipping their people to respond – both in the immediate aftermath of a crisis and indeed, over the longer term.
Risks on the rise
Recent research by Gallagher on the incidence and impact of crisis events on UK SMEs found that 2018 was a particularly challenging year for smaller British businesses.
A quarter of the 1,120 SMEs we surveyed were impacted by a major crisis event last year, a 5% increase on levels recorded in 2017, equating to 1.4 million companies across the UK and a combined cost of £8.8 billion.
Data breaches, cyber attacks and cyber extortion accounted for 15% of all crisis events in 2018, as SMEs played catch up against the increasingly sophisticated world of the cyber criminal.
While it is impossible to be 100% secure and prevent cyber attacks and extortion, even for the UK’s largest companies who are able to invest heavily in their cyber defences, we need to ensure there are systems in place to support a business, no matter what size, when an incident takes place.
The key thing for SMEs is to know what to do when their business is attacked and how to mitigate the impact – whatever the scenario. Businesses must carefully assess their risk exposures and, where necessary, seek expert support to ensure they have appropriate crisis response plans.
The need for proactive planning
Generally, UK SMEs remain poorly prepared in their crisis response. Of the SMEs we surveyed, 60% had no crisis protocols in place and nearly half (49%) had no systems in place to deal with the immediate aftermath of an attack.
Of course, the nature of crisis response varies widely depending on the nature of the incident. In the event of a cyber attack, crisis protocols might involve a switchover to a back-up server, or the establishment of an alternative communications channel.
By contrast, the response to a violent terrorist attack might involve evacuation, access to medics and immediate support of staff.
Across the spectrum of crises, HR professionals must be prepared to take action and respond. Among larger businesses it is common to see management and HR teams collaborate in taking part in live exercises, a process whereby the team role-plays a major crisis event to assess necessary responses and potential areas of weakness.
This type of exercise could prove equally useful to smaller businesses seeking to stress test their reaction and response to crisis scenarios and does not need to be a costly practice.
Our research evidenced that SMEs have their people front and centre of their thinking when it comes to major incidents. Aside from casualties, the potential impact of a serious security incident on employees’ health and wellbeing is as much a priority for SMEs as the potential for denial of access or financial loss.
As the examples of the Manchester bombing and London Bridge terrorist attacks demonstrate, the threat of harm to people across UK businesses exists.
Prolonged absences of key personnel can prove critical, particularly for some of the UK’s smaller companies, many of which may not have the capacity to provide cover for employees affected by issues suffered as the result of a crisis event.
It is essential therefore that small businesses invest in insurance cover and advice specifically designed to support and protect their people, intellectual property and premises in the event of a crisis.
Supporting businesses to make decisions through a crisis
Nearly half (44%) of the SMEs we surveyed had already trained their staff to respond to incidents, evidence that preparing employees for worst-case scenarios is on the radar for small businesses.
HR leaders can go further, however, to protect their people and think holistically about crisis preparedness and how to tackle areas of potential weakness in crisis planning.
Organisations’ ability to understand what they should be doing in response to a major crisis incident is often limited, but expert help is on hand.
At Gallagher we talk about the ‘golden hours’ of a crisis – the period in which decisions made are most critical – and being able to get ahead of the curve by having resources in place to communicate and respond effectively across the company.
Access to a 24/7 crisis number (which triggers the coordination of external resources), external support to help businesses respond to new information as it comes in and the implementation of an effective communications framework are among the most critical tools in any successful crisis management approach.
This could be as simple as having collated mobile phone numbers and created a plan to trigger an emergency group message, via WhatsApp or another messaging platform. In the event of a cyber attack, this could well be the only way to communicate with your team.
Fundamentally, thinking about risks and planning for the very worst-case scenario demands a collaborative approach.
The responsibility for response should not just sit within the company from a financial or operational risk perspective. HR leaders must take a seat at the table as they push for the best preparation and protection for their people.