Benchmark 1

Cyber breach is the type of crisis that companies are the most concerned about, according to a study conducted by law firm Morrison & Foerster and Ethisphere, a company that works to define and promote best practices.

Two-thirds (67 percent) of respondents to the Crisis Management Benchmarking Report said that their company’s crisis management plan addresses cyber breaches. Workplace violence or sexual harassment events were the second-most mentioned crisis events, with 56.5 percent of respondents indicating that their crisis management plan took those incidents into account.

The study notes that the appearance of cyber and sexual harassment at the top of the list stems from the fact that “both types of incidents are highly visible and front of mind for corporate executives.” Because of that high public profile, those threats pose the greatest risk to a company’s reputation.

Other topics that registered somewhat smaller degrees of concern were environmental damage (44.8 percent), government investigations (44.2 percent), intellectual property theft (40.9 percent) and terrorism (36.4 percent). However, almost one in five respondents (19.5 percent) said that their company had no crisis management plan at all.

But even though most companies have some sort of crisis management plan in place, their level of confidence in those plans isn’t as high as it could be. Only 34.1 percent of respondents said that they feel “very confident” about how useful their plan would be in the event of an actual crisis. A little over half (56 percent) said that they were “somewhat confident” about their plan being able to handle a real-life crisis, and 9.9 percent said that they were “minimally confident.”

For respondents overall, that number is considerably lower, with 19.6 percent saying they benchmark their plans more often than annually, and 50 percent saying they did a yearly review. And while all of the “very confident” organizations said they benchmark their plans in some way, 9.6 percent of the overall sample said they forego the practice.The study found that the most confident companies tended to benchmark their crisis management plans against industry best practices more frequently than their less confident peers did. A majority of “very confident” organizations (61.3 percent) said they benchmarked their plans annually, with 25.8 percent saying they did so even more frequently.

Another area in which more confident companies outrank the pack is in the importance they place on having a formal and documented crisis management team. More than nine in ten (93 percent) of very confident companies said they had such a team, as opposed to 67.2 percent of survey respondents as a whole.

More confident companies were also more likely to conduct crisis response drills, with 64.3 percent of them saying they conduct drills on key risk areas at least once per year. Only 41 percent of all respondents made the same claim.

The Crisis Management Benchmarking Report was drawn from 248 responses from senior executive in ethics, compliance, legal, communications and risk functions from both public and private companies and non-profits in areas including the U.S., Western Europe, Canada and Australia/New Zealand/Oceania. Complete results can be seen here.