I spent part of the recent weekend binge-watching series two of “The Crown” on Netflix. (Yes, I will admit, I am hooked.) One of my favorite scenes has been when the personal secretary has almost concluded his report to the queen but then says, “Ma’am, there is one more thing I must bring to your attention” and goes on to reveal some impending crisis that threatens to bring down the monarchy or bring doom and gloom on the United Kingdom and the Commonwealth.

Certainly, several CEOs of major Japanese companies have been in a similar position this year, with people coming to them with revelations that the company had been involved in some activity that was not exactly above board, or even worse to report that a whistleblower had posted something indicating malfeasance by the company on social media.

It’s everyone’s worst nightmare. A crisis.

And these corporate crises seem to be getting more frequent, don’t they? Not only in Japan. A McKinsey report analyzing headlines suggesting corporate reputation risk in the United States shows 130 instances in the 1990-1999 period increasing to 570 between 2000 and 2009, and a whopping 1,030 in the six years from 2010. A back-of-the-envelope calculation shows this to be an increase of almost 10 times.

The Economist Intelligence Unit has reported that 74 percent of respondents to a survey on risk said a crisis could significantly harm the reputation of their business, while 73 percent said a crisis could harm the financial value of their business. All of the industries surveyed report an escalation in risk and expect that reputation risk will only increase.

What is the cause of this huge jump? Has the propensity of management to mess up increased significantly over this period?

The answer lies in the definition of a crisis. The dictionary definitions suggest an upheaval or a condition of instability or danger. As a communications professional I tend to add another lens to that definition. An incident only becomes a crisis, and a challenge to corporate trust or reputation, when it encounters external scrutiny, or has the possibility to encounter external scrutiny.

In today’s world of interconnectivity, the democratization of information and smartphones and social media enables everyone to be a reporter. It is not the incompetence of management that has increased but the ability of third parties to scrutinize. The speed and amplification of risk in a world in which more than one-third of the global population are active online citizens is transforming risk.

It’s a dangerous world out there and “but it could never happen to us” is about the most dangerous thing management can say or think these days.

For decades, most industries and companies have operated with their own definition of “common sense” regarding how they operate their business. These business practices were in some cases widely known and accepted as common good operating practice.

The problem is that with the democratization of information and the lack of trust in organizations generally, the determinant of whether that practice is right or wrong is no longer someone in the company or the common sense of the industry, but it is now in the hearts and minds of the ordinary person on the local bus, so to speak. Someone who knows absolutely nothing about your company or industry but has been empowered to make comment (scrutiny) on how you run your business so they can earn clicks or have their moment of fame.

“It won’t happen to us” cannot be the default any more. Somewhere, someone may take a dislike to what you are doing. And that external crisis may be the spark that leads to a crisis. The default should be “What can I do now to minimize or head off a crisis?”

Yet my experience suggests that rather than invest $100,000 in being prepared, the preference seems to be to have to spend considerably more and suffer the reputation and trust loss when a crisis does occur.

Once a crisis happens there are too many moving parts out of your control. The speed of information will usually outstrip the speed of decision-making in your organization. You may have a CEO who is bad with the media. You may not have full access to information. All sorts of people, lawyers and PR people included, will be weighing in, telling you to do this or that. What a nightmare!

Isn’t it better to take a few simple steps to make risk mitigation a seamless part of your organization?

There are four steps I suggest business leaders look at to maximize their preparedness.

Conducting a vulnerability assessment of your systems and processes is the first step. I am constantly surprised by the number of businesses that do not do this on a regular basis.

While it can be done through an internal audit, the new benchmark of right and wrong — the person on the local bus — would seem to suggest that to have third-party eyes looking at your business from a purely objective basis is more effective. This sort of assessment will enable you to develop a scenario matrix and identify readiness gaps. Then the management team, along with the third-party reviewer, align on the priority vulnerabilities that need to be navigated and mitigated.

The next step is to map the voices that matter to you. Based on your vulnerabilities, who are the influencers and detractors that you would need to reach out to in a crisis? What are the engagements and listening opportunities?

Once again, most companies do not understand who might be their supporters and detractors and leave it to chance. In a crisis, if I were to ask “who do you know?” can you honestly answer you know the people who will have the greatest influence on your reputation?

With your priority vulnerabilities in hand and an informed idea of the landscape of the voices that matter, it is possible to create scenario playbooks for priority items and craft some messaging and materials to develop a promote-and-protect strategy and build an understanding of tactical rollout should it become necessary.

Finally, you should conduct risk and issue management simulation and training for traditional and digital channel engagement. This is the key test of whether your protocols and capabilities work. It is no use having a protocol that only the CEO may engage with the media when the CEO travels a lot and may be out of the country when a crisis breaks.

And very lastly, it is very worthwhile to establish a regular monitoring and listening capability across media and digital channels to track relevant trends impacting your industry and changes in influencers that are driving the conversations.

A crisis is truly the worst nightmare of any business leader. By their very nature they come unexpected, but most have their roots in internal practices — so good preparation can help mitigate the impact on your reputation and business.

Ross Rowbury is president and CEO of the PR agency Edelman Japan. He advises senior business executives on issues ranging from corporate branding to media strategy and internal and external communications strategy.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.