Career Boosting Newsletter

Sign up now to receive your free subscription to the Cutting Edge PR e-News newsletter, packed with cutting-edge news and information specifically for PR people. You can unsubscribe at any time.

* = required

Current Newsletter

To view the current issue of Cutting Edge PR e-News, click here.

Free Articles

A great resource for learning more about key areas of public relations practice, which will help your career path. You can read about the following topics:
PR plans
PR and the internet
PR ethics
Employee communication
Change communication
Employee recognition
Crisis communication
PR management
Media relations
Event management
Corporate reputation
Core PR skills
Marketing communication
Communication measurement
Speeches and presentation
Investor relations
Visual communication

Browse free articles


"Kim, just wanted to say thanks for a fantastically informative site."

Paula Hanson


Read our testimonials

How vulnerable to a crisis are you?

Most organizational crises are predictable and preventable. About 75% of crises have been smoldering for some time – their causes are apparent, but no action has been taken to prevent them or reduce their impact. Only about half of organizations around the world have a crisis plan in place, and only about 30-50% of organizations that are hit by a crisis manage to survive.

Too often self-caused

A survey by Burson-Marsteller/Penn Schoen Berland in 2011 attributed the causes largely to indifference and cost. However, analysis by international issue and crisis expert Tony Jaques found the real causes were more likely to relate directly to poor management:

  • Poor maintenance practices
  • Human error
  • Bad planning
  • Material failure
  • Unethical or dishonest behavior
  • Unresponsive culture
  • Leadership failure
  • Poor judgment
  • Insufficient training, eg maintenance workers, designers or accountants

Jaques' conclusions were supported by analysis by the Institute of Crisis Management, which found around ¾ of all US crises in 2015 were caused by internal mismanagement/ incompetence, or other reasons that amount to the same thing:

  • 31% Mismanagement
  • 13% White collar crime
  • 8% Consumer activism
  • 6% Environmental damage
  • 6% Whistleblowers
  • 6% Executive dismissal 2
  • 5% Discrimination
  • 5% Cybercrime
  • 5% Labor disputes
  • 4% Hostile takeover
  • 3% Class action lawsuits
  • 3% Defects and recalls
  • 2% Casualty accidents
  • 3% Other


You can conduct a vulnerability analysis for your organization to better protect it against a crisis occurring. The number of crises has not necessarily increased in recent years, but the internet and social media have certainly made the business environment more volatile and therefore organizations more vulnerable.

I have been doing this recently for my organization. We are identifying the possible types of crises we could encounter and working through the steps to predict and prevent them from occurring.

You can start the crisis vulnerability analysis by defining a crisis, so you know how a crisis is different, for example, from a pseudo-crisis caused by sensationalized discussion in social media.

A crisis is any issue, problem or disruption triggering negative stakeholder reactions that can threaten the organization’s viability.

Notice that a crisis is about communicating with stakeholders, and is not an operational emergency, which is internally focused.

Types of crises

For instance, a list could be divided into groups of causes, such as:

  1. Economic, eg lack of funding, a major drop in share price or changes in government policy
  2. Informational, eg a loss of proprietary or confidential information
  3. Physical, eg breakdown or damage to vital equipment or resources
  4. Human resources, eg loss of key executives, management decision/indecision, worker sabotage
  5. Reputational, eg employee fraud, management ethics
  6. Psychopathic acts, eg product tampering, terrorism
  7. National disasters, fire, cyclones
  8. Cybercrime, hacking, online identity theft, etc.

Key points

  • It is essential in capable crisis planning to document the way the plan supports of the mission and goals of the organization.
  • By knowing how the organization creates and executes its strategic business plan, the crisis communication response plan can be developed in an honest, open. and informed way.
  • This is most important for effective stakeholder relationship management in a crisis.
  • Stakeholder relationships are the key to most crisis outcomes.

A crisis simulation being conducted in preparation for a national census.

Conducting a vulnerability analysis

Start by conducting a brainstorm with relevant staff to identify the types of crises that could happen to your organization. This may produce a proliferation of scenarios, which can be intimidating and difficult to analyze to identify patterns. However, you can bring order to the list by putting the crises into types or categories.


Once you have grouped possible crises, you can prepare a matrix to assess the most probable types of crises and their likely impact.


Step 1. Start by creating a matrix to rank common crises in terms of probability of occurrence and impact if they hit (see sample matrix above). Use the above list of common crises as a guide.

Step 2. Arrange meetings with key management across the organization. Depending on the size of your organization, these could include: C-Suite (President/CEO, CFO, COO, CIO), general counsel, corporate communication, senior divisional and regional managers, safety and risk management, human resources and investor relations.

In your meetings, ask questions such as:

  • What corporate and operational matters concern you most?
  • What kinds of sudden and smoldering crises could happen in the coming year? (review the list of common crises)
  • Do we have in place: (1) an operational crisis plan, (2) crisis communication plan and (3) business continuity plan? If not, why not? If so, have simulations been conducted? Are the plans integrated?
  • Who would be the organizational spokesperson on the most likely types of crises that could emerge, and what kind of training, if any, have they had?
  • How likely are internal issues to become public crises? What needs to be done to solve them?
  • Who are the organization?s most important stakeholders?
  • How effective is our communication (1) internally and (2) with our external stakeholders?

It is vital to get honest and open feedback from the organizational leaders you meet with about potential crises. Often, an external consultant is best to conduct the vulnerability assessment and impact analysis because managers are more likely to share their true concerns with a consultant than they are with a colleague from within the organization.

Step 3.Based on the information you gather, use the vulnerability matrix to prioritize each potential crisis in terms of its probability of occurrence, potential impact, duration and financial impact.

Step 4. After ranking the most likely crises and their potential impact on your vulnerability matrix, list your potential crises to determine the issues (1) most likely to happen, and (2) most likely to cause major financial damage. Then develop a business and financial impact analysis by estimating the short, medium, and long-term costs for potential:

  • Losses in sales, customers, profitability
  • Litigation
  • Market share loss to competition and erosion of brand/reputation
  • Union actions
  • Regulators? investigations/ legal fees/ fines/settlement costs 6
  • Value of executive time dealing with such crises, and opportunity cost – what they could have been doing otherwise.

Coordinate with other departments to help develop cost estimates for the potential crises, including matters specific to your business sector.

Step 5. Use the impact analysis to brief senior management and make recommendations for developing operational crisis management and crisis communication plans, including crisis recovery plans. The briefing may include a summary of each potential crisis, the estimated impact, alternative strategies to deal with them, and recommendations to prevent or minimize the damage to the organization.


Hard experience shows it is much easier and cheaper to prepare for and prevent crises than it is to repair and apologize after they happen. By carefully reviewing the probability of certain kinds of crises and preparing for them to happen in some form at some stage, senior management can protect the organization from serious operational damage or even failure to continue as a going concern.

The problem is that crises seldom occur to the individual organization, and in my experience senior managers don?t want to seriously think about such matters due to the cost of preparing against their occurrence and the labor time to do this effectively. Discussion on this in further articles.

Click here to go to the Free Articles Index