There is evidence that modern management techniques can
make it more difficult to respond to a data security breach,
writes Jonathan Armstrong, partner at international law
firmEversheds.
Corporate crises of every shape are becoming more common. Maybe
10 years ago most senior business executives dealt with one or at
most two major "bet the company" events in their time at the top.
Contrast that with the life of some major business figures
today.
For example, Willie Walsh at British Airways seems to average
almost a crisis a month. We have had
Heathrow's Terminal 5, a plane crashing at Heathrow, the
aftermath of the Gate Gourmet dispute, increased fuel costs,
substances found on a plane to Moscow, the banning of liquids, lost
baggage, baggage handlers' industrial action, fog, the ban on
employees wearing crucifixes, check-in staff industrial action, the
attack on Glasgow airport, environmental protesters at Heathrow,
price fixing on fuel surcharges and the resultant class action
litigation.
This does not mean Walsh is at fault - many of these issues
started before his watch - but it does mean that today's business
leaders have to adapt to what would have been seven lifetime's
worth of crisis in the old world.
It is not just the rapidity of these crises that have changed,
but also the appetite and
ability of the media to recycle old stories. Companies and
government departments which have suffered one security breach
always have that mentioned as a previous conviction when a second
breach occurs. Breaches reported on the other side of the world
find their way onto our screens within seconds, and vice versa.
The pressure to react to a breach is greater while at the same
time we teach our leaders to be more consensual and to adapt a
coaching style of management. Often these skills are not the best
way of responding to a breach (or any kind of crisis).
Take the case of a major US corporation which suffered a
security breach. One of the senior management immediately rolled
their crisis plan into action and called all of the relevant people
into the boardroom for a crisis meeting. He went around the table
asking each member of the team what they thought the priorities
were and what they would want people to do if they were in his
shoes. He had remembered all he was taught on a "coaching the team"
away day.
As he went around the room, one of the team saw a TV news van
arrive in their car park. While the discussions continued in the
boardroom, the van's antenna went up and the crew were in reception
asking for comment. There were two main results. Firstly, the CEO
had to appear on the TV news to explain what had gone wrong without
a proper briefing from the crisis management team. Secondly, the
consensual manager was sacked by the CEO issuing the immortal
words: "You can't coach in a crisis."
Security breaches are "bet the company" incidents for many
organisations. They need proper planning in advance, a detailed
response plan and strong leadership. In times of crisis businesses
usually prefer a Churchill to a Chamberlain. The true modern
manager has to be able to adapt their style to suit the challenges
they face.
David Lacey: Crisis management is getting harder >>