The wisest organizations have crisis plans in place at all times, but organizations that are truly prepared practice those plans through regular drills and simulations.
Remember fire drills from grade school? In reality, the likeliness of a school fire is only a little over two percent, according to the National Fire Protection Agency, but we still practiced them. Compare that to the probability of an organization experiencing a data breach, which is nearly 30 percent, according to a Ponemon Institute and IBM Security global survey. Organizations are 15 times more likely to have a data breach versus a fire but few run simulations to prepare.
By running regular crisis drills, you’re not only better prepared, but you also minimize chaos and stress for when a real disaster strikes. Your team is more likely to remain calm and focus on the needed steps to effectively mitigate the situation rather than running around with their hands in the air.
Creating a crisis drill
When creating drills and simulations, you must first develop your crisis plan. Have a process clearly mapped out that includes the steps that should be taken. You also need a pre-assigned incident response team who will be tasked with coordinating efforts. Determine your primary spokesperson and make sure your organization’s mission and story are clearly defined. These are areas you can do now that will work with every crisis scenario.
After you have your plan, you should then consider the likely crisis scenarios you may encounter. You can never predict everything, but you should absolutely be aware of what similar organizations have dealt with that you can learn from. What crises are on the rise and ones you may more likely encounter, such as data breaches? What crises are making local or national headlines?
By understanding your organization’s risks, you can then create a list of likely scenarios.
Run drills regularly
The frequency and severity of crises have increased over the last several decades, so it’s likely you’ll run into more than one emergency. With that in mind, crisis drills should be held regularly to ensure teams remain prepared.
Ideally, you should schedule drills once a year at a minimum, but given the swiftness in how crises escalate due to social media and citizen journalists, some organizations are opting for quarterly drills. Even some regulators are actively encouraging organizations to conduct regular and frequent drills, or tabletops, as they refer to them. The U.S. Treasury even created a crisis drill template for both financial institutions and fintechs to leverage for cyberattack simulations.
Make it fun and engaging
While crises are never a pleasant experience, crisis drills should be fun. It’s a great way to build stronger teams and build relationships across departments while also giving staff the confidence needed for a real crisis situation but in a low-risk environment.
It also allows your team to test out responses and processes without the fear of destroying the organization’s brand. When concluded, consider rewarding the team, like an outing or having a local brewery swing by afterwards with a pop-up bar.