A crisis can hit any organisation, large or small, and perhaps of all the executive team it's the CIO who is best placed to share best practice on dealing with disaster when it occurs. CIOs have to deal with crises on an almost daily basis, which are often unexpected and can have huge consequences in terms of business operations.
Here, four IT leaders share their best practice tips for crisis management.
Keep calm and prepare for everything
Travis Perkins CIO Neil Pearce says individual IT directors have their own tactics for crisis management. "Every CIO is a bit different," he says. "The thing that I learnt, particularly during my time with BP, was that you must keep calm."
Pearce joined oil giant BP as global applications delivery manager in 2009. "I wanted to benefit from a new type of career development," says Pearce, referring to the transition from retailer Tesco. "I learnt a great deal about leadership, particularly as my time at the company coincided with the Mexico Gulf crisis."
As much as you are communicating externally, Pearce says executives also need to talk internally too. "Managers will sometimes forget that the only information the people working for the company receive about a crisis is what they hear on the news or read in the paper," he says. "Executives must make sure that proper communication takes place and that it is updated regularly."
Pearce recognises CIOs are used to responding quickly to incidents. With some challenges, IT leaders will be able to use their pre-prepared responses. So if there's a disaster recovery failover because something has gone wrong in a datacentre, the CIO will have already tested the process.
Pearce says all executives can learn from this kind of structured approach. "You can tell when people are making things up when they go along," he says. "Successful crisis management is often about that high level of preparation."
2. Give people regular updates as quickly as possible
Brad Dowden, CIO at recruitment company Airswift, says standing back and giving people space to respond is not his style. "I'm a bit more proactive," he says, suggesting executives at all levels need to be kept informed, even if that means stepping on toes.
"The key is quick and transparent communication," says Dowden. "It's one thing to have good relationships with your stakeholders, but it's another thing entirely to be able to respond effectively to incidents. Don't let a problem fester for days."
Dowden advises other business leaders to get a grip on the facts as quickly as possible. It always makes sense to put some information out to the business explaining the issue. Explain the scale of challenge, demonstrate that you are working to overcome the problem and tell the rest of the business when you will be able to provide another update.
"You don't want people questioning your approach after the disaster because they felt as if you weren't being upfront," says Dowden. "Everyone is human -- and everyone knows it's unreasonable to have an answer to every possible question straightaway. As long as you always communicate what you know, then you're halfway towards resolving the challenges in an effective manner."
3. Create a resilience strategy to cope with key problem areas
Andrew Marks, former CIO and now the UK and Ireland managing director for energy in Accenture Technology Strategy, says IT leaders have the benefit of past experience. "We expect a crisis to occur, so we put in place strategies to decrease the likelihood of problems occurring, to reduce the impact if they do take place and to respond quickly when issues arises," he says.
The key concern, says Marks, is one that will be familiar to all CIOs -- balancing risk. "That's crucial," he says. "Take cyber-security, for example. With such reliance on the internet, should it be unavailable for even a short period of time, how would your business operate? Does that mean you must invest in a private network? No it doesn't, but it does mean that changing your approach to business continuity is essential."
Marks says CIOs always need to demonstrate how their organisation will be able to be back up ahead of the competition if a period of disruption is deemed inevitable. And he says this proactive approach provides a lesson in preparation that can be learnt by all executives looking to address crisis management.
"There are probably half a dozen key things that actually could go wrong," says Marks. "Don't plan to cover all elements simultaneously. Instead, create a resilience strategy for each. If you can't do that yourself, look to an expert. There are few unique scenarios and it is likely that a third party somewhere will have lived through even the most extreme, even if no one in your organisation has."
4. Understand how great crisis management is a two-way street
Omid Shiraji, interim CIO at Camden Council, says IT leaders have many best practice experiences in crisis management to share with their peers. He says CIOs deal with problems on an almost daily basis.
"We have experience of how to deal with incidents, how to take the necessary steps to resolve issues and how the right remedial steps can stop problems reoccurring," says Shiraji. It's not all positive, however -- and Shiraji says IT leaders still have a lot to learn. Marketing people can help.
"CIOs are great at crisis management but we're not so good at presenting the issues and tailoring the message," he says. "The information we provide is often technical. Users internally and externally can be left confused by jargon and they then don't understand the actions they need to take as a result of the crisis."
Shiraji says closer working relationships between IT and marketing could create a mutually beneficial arrangement. "PR and marketing experts can help you cut the jargon and present your message clearly," he says.