Crisis Response Strategy Development

#Incidents Don’t Ruin #Reputations—Poor #Responses Do In any organizational #crisis, the response can have a bigger impact than the incident itself. #Cybersecurity breaches? Even more so. They don’t just hit your systems.. they test your #resilience, #trust, #transparency, and #tone. Let’s take a look at how different companies responded to major incidents, and what we can learn from them: ❌️ #Equifax (2017): Hackers accessed sensitive data of 147 million people, but the real damage came afterward. The company #delayed and waited weeks to disclose the breach, offered #unclear guidance, and #mishandled public communication. The result? Public #outrage, #lawsuits, and #billions lost. The breach was bad, but the response made it worse. ❌️ #Uber (2016, revealed in 2017): Instead of disclosing the breach, Uber #paid hackers $100,000 to cover it up and disguised it as a “bug bounty.” Once exposed, the #backlash was swift, #regulatory investigations, #reputational harm, and #leadership changes followed. A case study in what not to do. ✅️ #Microsoft (2020 SolarWinds attack): Though impacted, they didn’t hide. Microsoft #shared technical insights, #guided customers, and called for international #cooperation. Their clarity and leadership #strengthened, not weakened, their position. ✅️ #Maersk (2017 NotPetya attack): 80% of their global IT infrastructure was wiped out. But Maersk responded with #honesty, #speed, and #collaboration,restoring operations in record time. Their transparency turned crisis into #credibility. 🌩"You can’t #control the #storm, but you can control how you #sail through it." And in cybersecurity, how you respond speaks louder than what happened. 📚 So what should you #prepare in advance to #respond effectively to a crisis? ✨️ A pre-approved #crisis_communication plan with draft messages for different scenarios ✨️ #Darkweb_monitoring to detect compromised data and offer affected users early support ✨️ A list #contracts with of external #partners: legal advisors, PR firms, forensics experts, regulatory contacts ✨️ Incident #playbooks tailored to different attack types (e.g., ransomware, phishing, insider threat) ✨️ A #communication_chain with clear #roles for executives, legal, tech, and customer support ✨️Pre-established #customer_support workflows for high-volume, high-stress inquiries ✨️Regular #tabletop exercises to rehearse real-time crisis scenarios with leadership ✨️And most importantly: a #culture that values transparency, accountability, and speed 🚨"It’s not a matter of #if , but #when".. And when it happens, your preparedness is your #power.✊️ Have you seen an incident response done exceptionally well, or painfully wrong? What would you add to the preparation checklist? #Cybersecurity #CrisisResponse #Leadership #IncidentManagement #DigitalTrust #Reputation #BoardroomTalk #CxO #Governance #CyberAwareness #TechLeadership #CyberResilience

If your emergency response plan has 2 pages on communication, that's not enough. I review these plans regularly. Engineering firms with 500+ employees. Healthcare facilities managing patient safety. Educational institutions protecting students. Oil & gas companies with complex operations. Most have precisely-mapped evacuation routes. Safety protocols for every scenario. Regulatory compliance checkboxes filled. Then I flip to the communication section. Often two pages. Maybe three. "Notify stakeholders." "Issue press release." "Monitor social media." That's like saying "fly the plane" without teaching someone how to take off. Here's what those 2 pages are missing: 𝗦𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿 𝗺𝗮𝗽𝗽𝗶𝗻𝗴 𝗯𝘆 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼 Not just "employees and media." Which employees? Through what channels? Who speaks to families vs. regulators vs. community members? Figure this out - the conversations you have now make it so much easier when the heat is on. 𝗠𝗲𝘀𝘀𝗮𝗴𝗲 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸, 𝗻𝗼𝘁 𝘀𝗰𝗿𝗶𝗽𝘁𝘀 Scripts fail under pressure. But frameworks work. C̲o̲m̲p̲a̲s̲s̲i̲o̲n̲,̲ C̲o̲n̲v̲i̲c̲t̲i̲o̲n̲,̲ ̲O̲p̲t̲i̲m̲i̲s̲m̲ with facts sprinkled in. Under stress, there's no need to guess what works. A structure with flexibility brings clarity for you - and for your audiences. 𝗗𝗲𝗰𝗶𝘀𝗶𝗼𝗻 𝘁𝗿𝗲𝗲𝘀 𝘄𝗶𝘁𝗵 𝗿𝗲𝗮𝗹 𝘁𝗿𝗶𝗴𝗴𝗲𝗿𝘀 "Significant media attention" means nothing at 8pm when social media is lighting up. You need specifics: 5+ media calls in an hour, trending in your city's top 3 media stories, employee post shared to community Facebook groups. Take away the guesswork by sorting out what is meaningful to your organization ahead of time. 𝗖𝗵𝗮𝗻𝗻𝗲𝗹 𝘀𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀 𝘁𝗵𝗮𝘁 𝗺𝗮𝘁𝗰𝗵 𝗿𝗲𝗮𝗹𝗶𝘁𝘆 Your people check for texts before email. Parents use Facebook groups. Media monitors X. Your channels need to match where people actually go for information during a crisis. If they're out of date or have gaps, the time to rectify is now. 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝘆 𝗺𝗮𝘁𝗿𝗶𝗰𝗲𝘀 𝘁𝗵𝗮𝘁 𝘀𝘁𝗶𝗰𝗸 Who approves what, when? Not titles - actual names. Not "Communications Director" but "James can approve statements up to Level 2. Above that, call Sarah." One education client's 2-page communications section hadn't been updated since two Communications Managers ago. Their media list included retired reporters and outlets that no longer existed. We built it out to 20 useful pages. Not bureaucracy but tools. Templates they actually use, even in day to day work. Frameworks that flex with reality. Later that school year, a bus incident triggered parent concerns. The expanded plan meant they responded in minutes, not hours. Parents got answers where they looked for them. The situation was quickly contained, media didn't even pick up on it. That's the difference between 2 generic pages and being ready. What's in your communication section - real tools or wishful thinking?

If a major tech incident hit your organization tomorrow, would your executive team know how to respond? I’ve been in rooms where systems were down, information was incomplete, and every decision carried real consequences. In those moments, preparedness isn’t a binder sitting on a shelf. It shows up in the quality of leadership decision-making under pressure. There are three stages of crisis response during a cyber incident: before, during, and after. Each one requires different executive discipline. Before an incident - Clarify who has decision authority. - Align on risk tolerance at the board and executive level. - Rehearse executive communication plans. - Agree in advance on what transparency looks like during a crisis. During an incident - Avoid reactive decisions driven by fear. - Prioritize action over consensus-building. - Delegate execution to the technical experts. - Avoid speculation. Make decisions based on verified facts. After an incident - Run a rigorous, blameless review. - Fix structural weaknesses, not just surface symptoms. - Reinforce accountability without triggering defensiveness. - Institutionalize what was learned. Technology will fail at some point. That’s the nature of complex systems. What matters is whether your leadership team has already been tested before that moment arrives. #BusinessLeaders #Cybersecurity #RiskManagement #LeadershipDecisionMaking #TechnologyRisk

🎯 I just published an exploration of how military crisis communication frameworks are revolutionizing how organizations manage their most critical moments. 💡 **Here’s what military strategic communicators understand that many organizations miss:** ✅ Crisis management isn’t linear—it requires continuous OODA Loop thinking (Observe, Orient, Decide, Act) ✅ Every crisis is an opportunity to build organizational resilience, not just restore status quo ✅ Multi-domain awareness matters—modern crises don’t stay in single channels 🔥 **The convergence of military operational planning + academic crisis theory = game-changing frameworks** I’ve implemented these integrated approaches globally—from coalition environments to high-stakes government communications. The results? Faster response times, clearer stakeholder messaging, and organizations that emerge stronger from adversity. 📊 **Key frameworks we’re deploying:** - SCCT (Situational Crisis Communication Theory) with military threat assessment - Crisis Communication Management Plans (CCMPs) that actually work under pressure - Signal detection systems adapted from intelligence gathering 🌍 **This isn’t theoretical.** These are battle-tested approaches now transforming how organizations prepare for and respond to crisis. ➡️ **Want this level of crisis preparedness for your organization?** Whether you’re facing reputational threats, operational challenges, or navigating complex stakeholder environments, these frameworks can be customized for your context. **Let’s talk about building your crisis-ready organization. DM me or comment below to discuss bringing this training to your team. Read the full article: https://lnkd.in/gs4c3Gth #CrisisCommunication #StrategicCommunications #Leadership #RiskManagement #OrganizationalResilience #MilitaryLeadership #PublicAffairs #CrisisManagement #ConsultingServices Steve "Bleeder" Blevins

The fastest way to lose control in a crisis is to let others explain your silence. In a crisis, social media is a weapon. The question is: are you wielding it—or is it being used against you? I've seen brands navigate crises brilliantly on social media. And I've seen them implode because of one careless post. The difference isn't luck. It's strategy. Social media moves fast. Too fast for most crisis teams to keep up. But when used correctly, it can protect your reputation, control the narrative, and keep your audience engaged. When used poorly, it amplifies the damage and gives critics ammunition. Here's how to make social media work for you—not against you—during a crisis: 1. Stay silent if the source is unreliable. Not every fire needs your attention. Sometimes, responding to a baseless claim just gives it oxygen. Ask yourself: Is this credible? Is it spreading? Does it require our response? If the answer is no, let it pass. Reacting to noise can turn nothing into something. 2. Share with care. Every post during a crisis should be intentional. Helpful. Relevant. Clear. Before you post, ask: Could this be misunderstood? Could this make things worse? Because once it's out there, you can't take it back. And in a crisis, one poorly worded post can undo weeks of damage control. 3. Post with purpose. Random updates create confusion. Every message should align with your overall crisis communication strategy. Ask: What does our audience need to know right now? How does this help clarify the situation? If you can't answer that, don't post it. 4. Be human. Corporate-speak kills trust during a crisis. People want to know there's a real person—who cares—on the other side of the screen. If someone criticizes you unfairly, don't get defensive. Address it with empathy. If the complaint is valid, own it and explain what you're doing to fix it. Authenticity defuses tension. Deflection escalates it. 5. Monitor constantly. You can't manage what you don't see. Set up alerts. Track mentions. Watch for patterns. If misinformation is spreading, you need to know immediately—before it becomes the dominant narrative. 6. Control your channels. Don't rely on the media or third parties to tell your story. Use your own platforms—your website, your social accounts, your spokespeople—to communicate directly. Own the narrative. Don't let someone else shape it for you. Social media in a crisis is high-risk, high-reward. It can save you—or sink you. The brands that survive are the ones that move fast, communicate clearly, and stay relentlessly strategic. The ones that fail are the ones that react emotionally, post impulsively, or go silent when they should be present. In crisis, social media doesn't give you time to think. So you better have a plan before you need one.

I keep seeing people say that companies should ditch their crisis playbooks and just hire savvy communicators with executive access. Having managed nearly every type of crisis—from natural disasters to ransomware attacks to the pandemic—I strongly disagree. Yes, the days of the 3-inch crisis binder filled with outdated lists and pre-written messages for every scenario are over. Even 20 years ago, those binders rarely came off the shelf. But throwing out a playbook entirely? That’s a fast track to chaos. The biggest issue in crisis response isn’t access to reams of messaging and templates. It’s a lack of role clarity, decision-making, and processes. Companies often fail at crisis response because they haven’t established the critical elements of success, including: ✅ What differentiates an issue from a crisis ✅ How the core team is established ✅ How decisions get made and who makes them ✅ How information is shared ✅ What happens after the initial event A modern crisis playbook captures this and more. It should be simple, scannable, and approved at the highest level. And it should be practiced. Pair that with strong communicators and a strategy for handling sustained events (because business doesn’t stop just because you’re in crisis mode), and then—maybe—you have a shot at a successful outcome. Too often, I’ve seen well-meaning leaders complicate a crisis response by intervening or demanding to be part of the decision or review process when it wasn’t mission-critical and the designated team had it handled. This creates angst, slows down the team, and often waters down the response. I’ve also seen teams with role and process rigor move quickly and effectively in times of crisis. It is a thing of beauty to watch a crisis team in action when they have clear direction. Competent and savvy communicators are invaluable. But you still need a playbook.

Your Incident Response Plan will FAIL. That’s right, when you need it most – the plan will fail. Why? Not because it isn’t detailed enough… Not because it hasn’t been tested… Not because it didn’t check a box… It fails, because it’s fundamentally flawed. Why? IMO the core issue is – Cyber threats and bad actors are dynamic. Yet, most IR plans are static and rigid with steps 1 to done memorialized in documents. …written as if to combat a known and unchanging bad actor. Most IR plans I’ve reviewed -lol including some I've written in the past - were obsolete before they were even "done”. From my experience and during a crisis, teams scramble, not because they lack skill or dedication, but because their playbook is several steps behind the adversary. Most IR plans are linear and useless. So, how do we break this cycle and build a functional IR strategy? The answer lies not in crafting a more detailed plan, but in fostering a more adaptable one. Think differently… IR is NOT a plan, but rather a set of building blocks. These blocks – skills, tools, processes, and partnerships – can be dynamically assembled to minimize the damage. Skills: consider investing in ongoing, scenario-based education that emphasizes adaptability and problem-solving over rote procedure. Tools: Equip your team with flexible, interoperable tools that can be tailored on the fly to address emerging threats. Processes: Design processes that are guided by principles rather than prescriptive steps, allowing for quick adaptation to unforeseen challenges. Partnerships: Cultivate a team of external partners, from law enforcement to industry peers, ensuring you can quickly gather the right resources and intelligence. Let's pivot from drafting elaborate, wordy, static plans destined for obsolescence and failure. The future of IR is not in the plan, but in the preparation. Thoughts? #incidentresponse #IR #cybersecurity #preparation

Organizational Trauma: The Recovery Killer Your Change Plan Ignores After Capital One's 2019 data breach exposing 100 million customers' information, leadership rushed to transform: new security platforms, restructured teams, revised processes. Despite urgent implementation, adoption lagged, talent departed, and security improved more slowly than expected. What they discovered—and what I've observed repeatedly in financial services—is that organizations can experience collective trauma that fundamentally alters how they respond to change. 🪤 The Post-Crisis Change Trap When institutions experience significant disruption, standard change management often fails. McKinsey's research shows companies applying standard OCM to traumatized workforces see only 23% transformation success, compared to 64% for those using trauma-informed approaches. ❌ Why Traditional OCM Fails After Crisis Hypervigilance: Organizations that have experienced crisis develop heightened threat sensitivity. Capital One employees reported spending time scanning for threats rather than innovating. Trust Erosion: After their breach, Capital One faced profound trust challenges—not just with customers, but internally as well. Employees questioned decisions they previously took for granted. Identity Disruption: The crisis challenged Capital One's self-perception as a technology leader with superior security. 💡 The Trauma-Informed Change Approach Capital One eventually reset their approach, following a different sequence: 1. Safety First (Before planning transformation) - Created psychological safety through transparent communication - Established consistent leadership presence - Acknowledged failures without scapegoating 2. Process the Experience (Before driving adoption) - Facilitated emotional-processing forums - Documented lessons without blame - Rebuilt institutional trust through consistent follow-through 3. Rebuild Capacity (Before expecting performance) - Restored core capabilities focused on team recovery - Invested in resilience support resources - Developed narrative incorporating the crisis 4. Transform (After rebuilding capacity) - Created new organizational identity incorporating the crisis - Shifted from compliance to values-based approach - Developed narrative of strength through adversity 5. Post-Crisis Growth - Built resilience from the experience - Established deeper stakeholder relationships - Transformed crisis into competitive advantage Only after these steps did Capital One successfully implement their changes, achieving 78% adoption—significantly higher than similar post-breach transformations. 🔮 The fundamental insight: Crisis recovery isn't just about returning to normal—organizations that address trauma can transform crisis into opportunity. Have you experienced transformation after organizational crisis? What trauma-informed approaches have you found effective? #CrisisRecovery #ChangeManagement #OrganizationalResilience

"It’s very difficult to build anything if there is no perceived stakeholder need. Especially if everything seems to be running effectively. I was initially asked when I joined the firm to build the perfect risk management framework and all that it entails, from the ground up. And as you know, that would have required a fair bit of theoretical documentation, and then test and learn as we build. My street sense quickly told me that building a theoretical framework and then implementing it into the operations possibly would not have the same effect and would quickly become something for the bookshelf. We’re more rapidly in an environment where if you invest in something, you want to see a quick return. So it was about being a lot more targeted. I built aspects of the framework as the management team perceived a need or a gap. This is just an internal use of risk-informed decision-making. Where is the risk, where do we meet that? Here is a practical example: Early on when I joined the firm, we experienced a few negative PR events. Nothing more than most companies do from time to time, but we didn’t handle them well. And that was the general reflection within management. There was also an increasing awareness and acceptance that the cyber threat is ever present. We can all talk to that. And within the law industry, we are very very conscious of that. So I approached the CEO and suggested a complete overhaul of our business resilience framework including crisis response, our disaster response, cyber and data loss responses should be prioritized. My call to action was that if we accept risk events will happen, we need to be able to respond and recover with muscle memory at the time. It’s about how we recover, how we scenario, and our playbooks there. This required us to make decisions with incomplete and imperfect information and under pressure. Most of you will be aware, that’s something that lawyers are not that good at. So it’s around that muscle memory. With that response, and that need, I was advanced the funding immediately and have been supported all the way through that journey.” - Lee Sullivan, Chief Risk Officer, MinterEllison Very engaging Gartner webinar with loads of insights on the value of scenarios, response playbooks, and feedback loops in building the muscle memory of business resilience. If you missed it, check it out here: https://lnkd.in/gm3HDyTz #riskmangement #crisisresponse #businessresilience #executiveleadership

𝐈𝐧 𝐚 𝐡𝐞𝐚𝐥𝐭𝐡 𝐜𝐫𝐢𝐬𝐢𝐬, 𝐛𝐞 𝐢𝐭 𝐚 𝐩𝐚𝐧𝐝𝐞𝐦𝐢𝐜, 𝐚 𝐧𝐚𝐭𝐮𝐫𝐚𝐥 𝐝𝐢𝐬𝐚𝐬𝐭𝐞𝐫, 𝐨𝐫 𝐚 𝐜𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤, 𝐡𝐞𝐬𝐢𝐭𝐚𝐭𝐢𝐨𝐧 𝐜𝐨𝐬𝐭𝐬 𝐥𝐢𝐯𝐞𝐬. Many hospital and health system plans are meticulously designed, yet they contain a critical vulnerability that can paralyze the entire response. 𝐓𝐡𝐞 𝐟𝐥𝐚𝐰? A plan that depends entirely on a handful of leaders at the top. When a crisis hits, what if your Incident Commander is unreachable? What if the chain of command breaks? The plan becomes a document, not an action plan. The result is delayed triage, stalled resource allocation, and ultimately, jeopardized patient care. 𝐓𝐡𝐞 𝐞𝐯𝐢𝐝𝐞𝐧𝐜𝐞 𝐢𝐬 𝐜𝐥𝐞𝐚𝐫: A 2023 𝑱𝒐𝒉𝒏𝒔 𝑯𝒐𝒑𝒌𝒊𝒏𝒔 𝑴𝒆𝒅𝒊𝒄𝒊𝒏𝒆 𝒔𝒕𝒖𝒅𝒚 found that hospitals with decentralized decision-making protocols reduced critical response activation time by over 50% during drill simulations. The 𝑾𝑯𝑶’𝒔 𝑯𝒆𝒂𝒍𝒕𝒉 𝑬𝒎𝒆𝒓𝒈𝒆𝒏𝒄𝒚 𝑭𝒓𝒂𝒎𝒆𝒘𝒐𝒓𝒌 consistently emphasizes "forward-leaning leadership" and pre-delegated authority as pillars of effective response. The solution is not another binder. It is building a culture of pre-authorized action. Here is how to engineer resilience into your health crisis plan: 𝐄𝐦𝐩𝐨𝐰𝐞𝐫 𝐂𝐥𝐢𝐧𝐢𝐜𝐚𝐥𝐥𝐲-𝐒𝐦𝐚𝐫𝐭 𝐃𝐞𝐜𝐢𝐬𝐢𝐨𝐧-𝐌𝐚𝐤𝐞𝐫𝐬 Equip charge nurses, department heads, and on-site physicians with clear, pre-approved protocols to initiate immediate actions like bed diversion, supply redistribution, or lockdown procedures without waiting for executive approval. 𝐈𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭 𝐓𝐢𝐞𝐫𝐞𝐝 𝐀𝐜𝐭𝐢𝐯𝐚𝐭𝐢𝐨𝐧 𝐏𝐫𝐨𝐭𝐨𝐜𝐨𝐥𝐬 Not every crisis requires the C-suite. Define what specific events trigger which levels of response, empowering frontline teams to handle localized incidents while reserving system-wide alerts for major threats. 𝐓𝐫𝐚𝐢𝐧 𝐟𝐨𝐫 𝐑𝐞𝐚𝐥𝐢𝐬𝐦, 𝐍𝐨𝐭 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 Move beyond tabletop exercises. Conduct unannounced, high-fidelity simulations that stress-test communication systems and force empowered staff to make critical decisions under pressure. 𝐓𝐡𝐢𝐬 𝐛𝐮𝐢𝐥𝐝𝐬 𝐭𝐡𝐞 "𝐦𝐮𝐬𝐜𝐥𝐞 𝐦𝐞𝐦𝐨𝐫𝐲" 𝐟𝐨𝐫 𝐚 𝐫𝐞𝐚𝐥 𝐞𝐯𝐞𝐧𝐭. A resilient health system is one where every tier of leadership is prepared to act decisively within their scope, ensuring continuity of care when it matters most. 𝑨𝒕 𝑹𝒊𝒄𝒌𝒔𝒉𝒂𝒘 𝑯𝒆𝒂𝒍𝒕𝒉, 𝒓𝒆𝒔𝒊𝒍𝒊𝒆𝒏𝒄𝒆 𝒊𝒔 𝒎𝒐𝒓𝒆 𝒂𝒃𝒐𝒖𝒕 𝒔𝒂𝒇𝒆𝒈𝒖𝒂𝒓𝒅𝒊𝒏𝒈 𝒑𝒂𝒕𝒊𝒆𝒏𝒕𝒔 𝒂𝒏𝒅 𝒔𝒖𝒔𝒕𝒂𝒊𝒏𝒊𝒏𝒈 𝒐𝒓𝒈𝒂𝒏𝒊𝒛𝒂𝒕𝒊𝒐𝒏𝒔. 𝑰𝒇 𝒚𝒐𝒖’𝒓𝒆 𝒔𝒕𝒓𝒆𝒏𝒈𝒕𝒉𝒆𝒏𝒊𝒏𝒈 𝒑𝒓𝒆𝒑𝒂𝒓𝒆𝒅𝒏𝒆𝒔𝒔, 𝒘𝒆’𝒅 𝒃𝒆 𝒈𝒍𝒂𝒅 𝒕𝒐 𝒔𝒉𝒂𝒓𝒆 𝒊𝒏𝒔𝒊𝒈𝒉𝒕𝒔 𝒂𝒏𝒅 𝒍𝒆𝒂𝒓𝒏 𝒇𝒓𝒐𝒎 𝒚𝒐𝒖𝒓 𝒆𝒙𝒑𝒆𝒓𝒊𝒆𝒏𝒄𝒆. #HealthCrisis #CrisisLeadership #EmergencyPreparedness #PatientSafety #HospitalAdministration #PublicHealth