A spotlight on Crisis Response – Egypt 2013
The current crisis in Egypt left many international companies struggling for an effective crisis response, despite it being the second such crisis in so many years.
Many companies were simply unprepared for the major disruption. Some companies, in their own words, simply believed that Egyptians had protest fatigue, and would not go back to Tahrir Square in similar numbers to 2011.
The demonstrations of late June 2013 in Cairo were the biggest the world has ever seen and left many companies lagging behind in terms of crisis response due to their unpreparedness.
Companies were rapidly faced with the need to understand a number of complex and complicated issues, where the core information was held at a local level, where the standard communication channels were severely challenged.
At the national level, the international community struggled to understand the sheer depth of anger of the Egyptian man in the street, directed against the Muslim Brotherhood, as a result of the appalling economic and volatile political situation. More importantly, international companies operating in Egypt struggled to work out what the knock-on effect might be for their businesses.
At the local level, international businesses were trying to decide whether or not to implement crisis response plans, if indeed they had any. Internally, there were worried phone calls, emails and texts trying to establish where people were, and what their plans were. Worried relatives placed additional strain on local resources when calling for updates on staff stationed in the protest zone.
Back in the UK, and elsewhere across the world, nervous parent companies and shareholders wondered what was going on and what was being done. A poorly coordinated response to a crisis can leave a company feeling bruised and vulnerable; and if the response does not include local staff, then it can create dangerous divisions that become apparent after the crisis.
The second revolution in Egypt is a classic example of the clichés that history repeats itself, and those who do not learn from the lessons of history are condemned to repeat its mistakes. But that does not invalidate their essential truth.
The Arab Spring and the upsurge in Sunni extremism in Syria and Iraq with its overspill into neighbouring countries has in the former case unsettled a region and unseated tyrants, and in the latter made the international business community increasingly nervous about either new investment, or whether or not to continue working in the region.
Egypt is a case study about the risk reward ratio, and plainly those who are better equipped and trained to deal with crises are better positioned to manage the situation to their best advantage than those who are unprepared.
During any crisis there is a tension; between allowing local personnel to handle the events in a way that it is best for the situation at hand, which generally means not placing any extra demand for resources in reporting unnecessarily to group level managers; whilst having access to the plans and information to have enough corporate oversight to ensure that the correct policies and procedures are being followed. Companies need to be able to offer the correct support as and when needed.
The first step should be to correctly assess and communicate the Risk rating of the environment in which we operate, followed by the mitigation measures necessary to reduce the operational risk to as low as reasonably practicable. This difference between the Country risk profile and the operational risk, is key to demonstrating good SRM processes.
When a regional security manager is in the heat of a developing crisis, it is perhaps not unreasonable to expect certain information to fall through the gaps, communicating both internally, to a fractured workforce with travel and communications difficulties and externally, outside of the immediate chain of command, it’s unlikely that a single email or phone call will reach all of the people all of the time.
A company’s core priority should be the safety of local personnel above communicating to a head office team many miles away. Fast-moving events mean external stakeholders are not always informed in a timely manner, with the facts often emerging after an event is over and moving into recovery.
Internally there is an immediate need to account for and notify staff of vital safety and procedural information, as well as considering the implications of any event on business continuity. Staff will likewise be looking to contribute and communicate with managers, looking for guidance on what to do and when to do it.
Country Alert State, Notifications, Evacuation Plans
ISARR provides the right information to the right people throughout the incident lifecycle, from pre-incident intelligence and planning through the notification and alert phase; to response and recovery, across the business and through all levels of management and operations.
At a strategic level; by considering in advance the potential threats and associated risks of working in any challenging environment, a business can start to map its potential responses to a given incident or event. This Security Risk Management (SRM) framework manifests itself as a suite of documents often originating at a Group level as a set of directives or guidelines, with implications throughout the business. Communicating and monitoring the application of these directives is key to effective SRM.
ISARR provides the capability to disseminate, train and test, business units on these new processes within a live clone of the client workspace. This allows a group-level understanding of the individual business unit’s readiness to deal with potential threats and local level managers can be sure that they understand what is expected of them under Group directives.
Operationally there is a need to act. ISARR becomes the central repository for all SRM information, enabling all stakeholders to refer quickly to one place and obtain the same, current verified information on; emergency plans, staff and dependants contact lists, detailed asset information and associated documents, including a comprehensive Country Alert State and Evacuation Management system that guides the organisation and key staff through the steps they need to take.
This single centralised source means that regional managers do not have to worry about pushing all of the information to external stakeholders, they can be sure that all stakeholders, with relevant permissions can access the system and see the information they need for their own part of the response. A single communication by email and sms can be sent to both internal staff and external stakeholders, with the ability for comments to be seen in a single timeline giving a ‘Commonly Recognised Information Picture’ (CRIP). The original incident can be updated periodically so that a current version of events is seen by all, top to bottom.
When the incident is over, this single stream of information, associated assets and context, can provide the basis for any root cause analysis and learning and improvement outcomes.
Reference Case Study