4 lessons from exercising COVID incidents and local lockdowns

We’ve just wrapped up a virtual simulation with a client’s senior management team, working through their process to handle a serious COVID incident affecting their operations and impacting a local community.

Lockdown road sign

It was a strong team which worked well together in crisis mode, and the session highlighted for me some of the challenges particular to COVID and local lockdowns that you might want to think about for your own crisis preparedness:

1. People first and foremost

A COVID incident has all kinds of impacts: operational, reputational, financial, legal and so on. While the bombshell of a COVID case will naturally send a team off working through the operational implications for their part of the business, it’s critical to remember that people need to come first in the early stages of this kind of incident (as with any incident).

This looks like:

  • providing proactive support for the individuals and families directly affected, taken ill or worse
  • visibly and consistently putting the safety of your people first in your internal and external communications
  • offering reassurance and ready answers to those who feel the secondary effects of an outbreak or a lockdown. Many of those can be worked through ahead of time: sick pay questions, contractor arrangements, social media guidance, clarity about timescales for self-isolation vs temporary office closures and so on

The reality is, the reputational and legal problems will be worse for an organisation that doesn’t – and doesn’t appear to be – prioritising safety, out of an abundance of caution.

2. Get really good at video calls

A number of our clients have been building out physical crisis “war-rooms” over the past few years, or shipping large-format wall charts to their teams around the world to use in a crisis. Structure and frameworks are great, but now – ahem, more than ever – it’s important those live in digital form, so a team can mobilise to use them wherever they are.

While you physically can be on extended video calls with your team during a crisis response, it doesn’t mean you should.

The last few months have got us all used to the basics of video meetings and the associated etiquette. But it’s worth exercising the next level of practical virtual crisis management you’ll need to have in place to manage a crisis where the key meetings and decisions are made that way.

What’s the right cadence for meeting online? How will you make and document decisions, assign actions and check they have been followed though? Who really needs to be on those calls, and how does the natural hierarchy of a ‘war room’ translate to a gallery of faces in a video meeting without being disruptive or inhibiting members of the team with important updates to contribute?

3. Keep internal and external comms in sync

A COVID situation may concern your external stakeholders and community but your staff and internal stakeholders will clearly have the greatest concerns. A lot of crisis plans and teams emphasise the external side of communication, but this is a situation where internal comms is central to getting the response right.

In a social media world, the boundary between what you say to staff and what you put into the public domain is increasingly porous. That’s particularly true of matters of safety and health, where the instinct to share or express worry, solidarity or concern is so powerful. So to keep in control of the situation, you need to keep internal and external communications tightly in sync, and not just rely on reminding your people of social media policies. Better to work on the assumption that internal communication will appear on a WhatsApp chat or a Facebook Group beyond your organisation within a few minutes of being posted. But if you prioritise external statements, staff will understandably feel aggrieved – the two have to be in sync.

Likewise, ensure you maintain consistency across your internal and external comms about the actions you’ve taken and any numbers of cases or employees asked to self-isolate, or it will quickly look like there’s something to hide.

4. Bring in legal and government/stakeholder relations early

As you work through the implications of an outbreak of coronavirus, the knock-on effects become more and more complex.

Having legal advice accessible to the crisis team early will help you establish your position, responsibilities and operational ‘wiggle room’ – since government guidance changes rapidly, and some may have legal force and penalties.

Be proactive about the potential community impact, too. COVID has a ripple effect as it impacts families, suppliers, local businesses, schools. Ultimately, you want to be on the side of the angels not the bogeyman who brought COVID into the community, and having your stakeholder or government relations colleagues at the table will help to ensure you’re keeping vocal political stakeholders and local leaders informed ahead of media about your actions as a responsible employer and corporate citizen.

Photo by Matt Seymour on Unsplash

How to get the best from virtual crisis simulation exercises

Woman using laptop on bed

The COVID-19 emergency is forcing many teams to quickly rethink how they conduct day-to-day operations and to implement processes to enable their people to work remotely as a means of halting the spread of the virus.

We’re finding that a number of our clients are opting for virtual deliveries of crisis simulations and training to reduce the risk of transporting teams to one location, and enable them to test how effectively they can mobilize their teams and manage a crisis response remotely. Because, pandemic or no pandemic, the chances are the first stages of a crisis will be managed remotely rather than conveniently around a conference table.

Mobilizing a remote team is getting easier

Plenty of teams work from home some or all of the time, and travel regularly for work. So it’s increasingly rare for designated crisis responders to find themselves in the same country – let alone the same room – when a crisis strikes. How well you can put your crisis plan into action over conference calls, collaborative online documents and team chat?

Although some have equipped a single ‘war room’ equipped with screens and white boards for displaying and capturing information during an incident, you need a contingency plan in case you’re unable to convene in the same physical location when the time comes, or to get the response moving before you’re able to co-locate.

How can you get the best from your virtual exercises? Here’s our top five tips:

1. Brief participants clearly ahead of the exercise to avoid confusion

You need to pre-brief participants to ensure they’re clear on everything required of them.

As part of the preparations for an annual full-scale exercise we deliver for a Canadian airport, the exercise facilitation team runs a detailed participant pre-briefing session using video conferencing software around one week out from the exercise covering:

  • session timings
  • contact details for conference calls and exercise participants/facilitators
  • the tools, templates and systems they will be expected to use to enact their response – this includes briefing the teams on how to use our Social Simulator platform
  • guidelines for the exercise (e.g. starting any calls with “Exercise, Exercise”) and details of how to get help during the exercise (e.g. email/phone details) 

2. Test remote mobilization with alerts and conference calls

Crises don’t all strike between the hours of 9 and 5, so remote exercises provide a valuable means for testing how quickly and smoothly crisis teams can convene and organize themselves, and whether messaging and alerting systems work in practise.

In a recent exercise we delivered for a global travel firm, we tested how quickly crisis teams in Europe and US were able to mobilize and coordinate across time zones. A call was put into one team member, who then mobilized teams on either side of the Atlantic using the company’s alert system, which included details of the secure conference line that all participants were required to dial into to conduct their first virtual team meeting.

3. Switch to collaboration software to draft and approve messaging promptly

Being in one room certainly makes it easier to discuss and draft messaging for review and approval by team leaders to ensure that they can be posted on public-facing channels promptly. How well can your team use collaborative live-editing tools like Office 365, Dropbox or Google Docs to prepare messaging together when they’re not able to look over a colleague’s shoulder?

Recent exercises we supported with Vancouver Airport and The City Of Redmond involved mobilizing virtual Joint Information Centers (JICs) to oversee the communication and public information response. Likewise, a Middle Eastern client used Google Docs to live translate messaging between English and Arabic so no time was lost getting messaging onto appropriate channels.

4. Use audio calls or video conferencing in place of physical team meetings and timeouts

Establishing a regular rhythm of meetings and timeouts is an essential way for crisis teams to ensure they:

  • Agree team priorities and check the status of priority actions
  • Verify latest known information to ensure a common operating picture is being used to inform decision-making and the development of communications materials
  • Identify areas for improvement and ‘course correct’ as appropriate
  • Assess the current team resource/responsibilities allocation and reallocate as needed
  • Handover to other teams 

In a virtual exercise, this rhythm needs to be maintained. We recently supported crisis training involving seven offices across India for an energy company, using an open Skype for Business call to bridge the teams and discuss approaches and give feedback while they worked through a scenario on our Crisis90 tool.

However, it’s important that exercises don’t become one drawn-out conference call. Once information has been shared and priority actions and deadlines agreed, allow team members to get to work and set a time for the next meeting/timeout.

Video conferencing software such as Google Hangouts, Zoom or Microsoft Teams bring people together but can prove quite distracting for larger teams and make team members feel self-conscious. A regularly scheduled audio conference call can work as well as anything, and provides an invaluable means for team activity to remain coordinated and for important information to be shared.

5. Debrief remote participants with an online survey alongside the conference call

After any exercise it’s important to debrief participants of their experiences of what worked well and to help highlight areas for improvement.

During a recent virtual exercise for a financial client, we circulated an online survey to capture feedback. We found that participants seemed more free to share more honest feedback than they might have if based in the same location in front of senior colleagues – helping unearth and address potentially significant issues.

Photo by Andrew Neel on Unsplash

Mobilizing for crisis: the benefits of longer exercises

departures board

Our typical exercises tend to run for 3 or 4 hours, often in a pair of adjoining boardrooms with good wifi, clear diaries and coffee on tap. The participants get to feel the shock and stress of dealing with something unexpected and fast-paced, and understand how well they work together as a team.

But of course, it’s nothing like a real crisis.

Recently, we’ve supported a client with a week-long incident response simulation which has been a sterner test. Though it’s been months in the planning and there was still handy wifi and catering, it’s proved to be a tougher test of a team’s preparedness than those short, sharp sessions can hope to be.

For a start, we’ve been part of the biggest crisis exercise mobilization I’ve been part of, with over 130 specialists from over 25 countries covering all the response disciplines from engineering to finance, legal to communications being gathered, briefed and transported to a Middle Eastern location off the beaten track, to back up a local team. There’s been visas, innoculations, logistics, security, catering and accommodation to be considered, just as there would be in a real-world incident response. Some of the carefully-prepared crisis management processes that work in a European or American setting needed adapting. But also like in a real-world incident, there’s been a bit more time for the team to think and respond, work around obstacles, and to spend time getting familiar with each other’s roles and styles.

On our side of things, as usual we’ve had to get up to speed on the geography, political environment, media mix and social media culture. We adapted our roleplay to reflect local influencers and norms, and made the most of some of the new features on our platform. We’ve played out malicious fake news (in Arabic!) spreading from Instagram to Twitter while a human interest video story exploded on Facebook.

Excitingly, this is one of the first simulations we’ve run with a group some of whom have been building their digital skills on our Digital Action Plan programme of workshops and online learning. We’ve been sat both sides of the curtain: part of the exercise control team but also coaching communications responders to make the most of the opportunity to deploy the techniques of a modern media response, including self-produced video and simple infographic creation, as part of their crisis communications response.

Whereas a half-day exercise can feel like a sprint, with a flurry of articles, emails and social media posts whizzing around, these longer exercises are more like marathons. Just like a real-world crisis, both the exercise control and participant teams need to pace themselves, and think about how to handle early starts, shift handovers and rest breaks. From our point of view, there’s been scope to be a bit more flexible and feed off the operational decisions made.

Testing a crisis response on this scale isn’t cheap. But it feels like a worthwhile investment for larger organisations which realise that a solid plan is no good if you’re tripped up by logistics when you come to use it. It’s been lots of learning, and fun.

Photo by JESHOOTS.COM on Unsplash

Cyber incident trends: what can you do to prepare?

As you can imagine, the last couple of years have seen us get a lot more enquiries from clients looking to stress-test their crisis preparedness. Cyber incidents are especially tricky to handle, for a number of reasons:

  • The information vacuum is more acute and extended
    It can take a while – days, potentially – for the facts of the incident to be established, but the shock and concern amongst those potentially affected ramps up as quickly as any other incident-driven crisis.
  • Mobilizing the internal team is more complex
    Depending on the nature of the incident, there can be an especially wide range of internal colleagues to involve, from technical staff to HR, legal to regulator, investor relations to media relations.
  • Scenario-planning is trickier and understanding – let alone communicating – the risks involved is harder
    Explaining the nature of the vulnerability that has been exploited is a challenge, compounded by hypotheticals and best/worst case assumptions with few known facts.

Over the last year we’ve seen a number of emerging and growing trends in real-world cyber incidents which clients are starting to use in their own resilience planning:

Stronger regulatory muscle

Last year, we saw average fines levied by the UK regulator for data breaches double to £146,000, while in the US firms such as Anthem and Uber settled large cases in the tens of hundreds of millions of dollars. The reality is that regulators are getting tougher around the world, backed up by more clear-cut expectations enshrined in law – such as the requirement in Europe to notify the authorities within 72 hours of the discovery of a personal data breach. Prepare your templates in peacetime, and think ahead of time about when you’ll disclose.

State-sponsored attacks and 0days

Hacker groups such as The Lazarus Group, believed to be aligned to the North Korean state, have gone after cash targets such as payment systems and bank networks; whereas other state-sponsored attacks have had espionage as the mission, as Marriott found to its cost. The threats emerging from undisclosed vulnerabilities (‘zero days’) are some of the most difficult to guard against, and the geopolitical scale to these attacks obviously dwarfs the resources of all but the largest corporations. The best defence is likely to be in preparation and training users to be intelligent users of technology: ultimately, it was a spearphishing attack targeted at an employee that enabled malware to be installed which affected Chile’s national ATM network.

Risks exposed by mergers and acquisitions

As IT becomes the business, not just enables it, cyber due diligence becomes ever more important. Systems integration naturally introduces the complexity of more servers in more datacenters, with more suppliers and more users involved. While the task of auditing and securing those digital empires is one for IT, there’s a resilience task to make sure the teams managing them have oversight of what there is and who is supporting and maintaining them so vulnerabilities don’t simply emerge from oversights. In a nutshell: it might be a server you inherited, but when it’s breached for want of a software patch, customers will blame the brand they recognise.

Reliance on 3rd parties in the digital supply chain

British Airways revealed the loss of almost 400,000 customers’ payment information when third party code on their online booking portal was compromised. It highlighted the challenge of modern web sites, which aren’t simply pages of content, but are composed of layers of advertising tracking scripts, third party shopping carts, and libraries that make the rich web experience we expect these days. As with state-sponsored attacks, third party infrastructure is hard to secure definitively, so the resilience task has to be ensure that your monitoring and testing regime, and links to partners in the supply chain – are strong so that you can respond quickly if code is compromised.

Shifting perceptions of what constitutes “fair use” of data

Facebook found to its cost that you don’t necessarily need to lose your users’ data to get the blame (though they’ve done that too). Convoluted data-sharing regimes which flout the spirit of the moral contract users believe they have with you can be enough to spark regulatory enquiries, fines, class action suits and customer boycott campaigns. There’s signs of a shift in perceptions of what ‘fair’ looks like as firms start to get more creative/manipulative in their use of data and users react by choosing services and tools which enable them to encrypt, delete, or block unwanted snooping. Communication has an important role to play here in being clear and frank with people about the basis on which a digital service is being offered, and how their data is used. Transparency build trust, while the drip-drip of revelations about a business model which needlessly infringes privacy can destroy it.

A cyber incident can be managed and trust restored, but lose trust with customers about your fundamental way of operating, and the damage runs much deeper – into your very licence to operate.

Your cyber incident stakeholders

In the dozens of cyber incident scenarios we’ve helped client teams to wargame using our behind-closed-doors software and roleplay service, we’ve identified patterns in the key stakeholders involved – as well as those overlooked by teams grappling with an incident of unknown scale and severity. We’ve mapped out the key groups you’ll need to have lines of communication with during a cyber incident, to ensure not only that business operations are restored quickly, but that the long term outcomes for customer trust, share price and licence to operate are positive. Take a look at our infographic, and let us know what you think.

Staying sharp in the era of fake news and Insta influencers

Since we launched Social Simulator back in 2010, we’ve seen huge changes in the social media landscape and the way that news breaks and crises are managed online. In recent months we’ve been helping clients rehearse their readiness to handle fake news and malicious digital manipulation, blend media relations with customer care, monitor international social media reaction, and co-ordinate messaging across multiple agencies.

We’ve been iterating our platform constantly, and over the last few months we’ve been taking stock of feedback from clients and roleplayers. We’re taking a big step forward this month, launching version 2.0 of our Simulator as part of a roadmap aiming to keep us at the cutting edge.

Social Simulator 2.0 has three big ideas at its core:

Evolving to reflect the digital world today

  • More use of video, images and emojis: social media today is more colourful, animated and visual than ever – not least in a crisis. We’ve been incorporating gifs and videos in our roleplay for several years, and version 2.0 of our platform makes it easier for clients to use these in their own posts
  • New Instagram-style module: the new module brings image posting, comments and hashtag search to our platform to challenge clients to ensure their monitoring and content creation can handle this platform of 800m real-world users
  • LinkedIn- and Facebook-style module refresh: we’ve refreshed the look and feel of some of our core modules to keep current with changes to their real-world counterparts
  • Richer email-style messaging: we know how important email is to an effective simulation, so we’ve added draft messages and ‘flags’ on incoming emails to help teams work more naturally in the inbox

Adapting to the changing way that crises break and are handled

  • Engaging with communities: Facebook groups are a crucial source of intelligence and a vital channel for engagement in a lot of real-world incidents – and with Facebook Workplace, an internal communication platform too. We’ve made our platform more flexible so clients can build their confidence engaging with groups as well as managing their own pages
  • Customer care: often, it’s customer care staff who are the first line of defence in a crisis, and we’re helping teams get more sophisticated in their social media customer service engagement, with direct comment replies
  • Operational status: our exercises involve participants from across the client organisation, so we’ve streamlined our ‘status’ tracking tool to show simulated movements in stock price, transport status or in-house IT house systems, to keep the whole team engaged
  • Noise and manipulation: we’ve grown and enhanced our Autopilot tool, which uses themes from real-world social media reaction, misinformation and manipulation to add volume and noise to exercises, challenging clients to verify information and tune in on the key themes

Streamlining exercise delivery and roleplay

  • Reducing repetition: we’ve made dozens of behind-the-scenes improvements to the way clients and roleplayers log in, navigate the simulator, publish news coverage and export submissions. We’ve eliminated a lot of the repetition and added tools to speed up roleplay, such as auto-tweeting media articles when they’re published, and reviewing character activity from the roleplay dashboard
  • Improved speed and reliability: we’ve moved our simulator to new infrastructure, and rebuilt many of our dashboards and control panels, so roleplay is faster and more natural
  • Unified user interface: we’ve refreshed the look and feel of the simulator to support modern web browsers better – including on smartphones and tablets. Partner-branded exercise platforms are more elegant, and labelling is more consistent to help users get started more easily with less pre-exercise briefing

We’re never done keeping our platform at the leading edge, but we reckon with this release we’re ensuring we have the best-in-class technology for crisis simulation exercises. We’d love to show it to you.

A is for Authenticity

Before fake news, there was spin, and before that, there was ‘PR’. The bottom line is, why should anyone believe you, especially when you’re trying to dig your way out of trouble?

That’s a theme which came out in an exercise I’ve just wrapped up here in South Africa, which is one of five exercises our team is running around the world today for a variety of clients. This organisation uses a thoughtful and strategic crisis management methodology to get to the real nub of the situation, not just get caught up in reacting to anything and everything.

The team got a media statement out and adapted the messaging for social media. So far, so typical. But as the crisis deepened into a reputation-threatening scenario, with a range of government, public and commercial stakeholders questioning the firm’s commitment, and not just its competence, an interesting decision was made.

A tweet was prepared by the social media team on behalf of the organisation’s leader, talking in human terms and as a local resident about the impact of the incident, his own sadness about it and what he and his team were doing. It dovetailed nicely with corporate messaging but added something extra: the authentic voice of a person in the organisation. It was nice to see that “Authenticity” is one of four values on the wall of this particular client’s crisis suite.

In some situations, you might want your CEO or technical expert to be on camera in a high vis jacket supervising a response. Or perhaps it’s about the Ambassador tweeting a selfie in front of their team on the phones visibly busy providing support for travellers in crisis (like the British ambassador did during the Paris attacks of 2016). It’s rarely enough by itself, but alongside a clear corporate statement about what’s happened and what’s being done, it adds something human and emotional. It feeds the need we have on social media for empathy. The classic example is CEO Tony Fernandes’ tweet following the crash of one of Air Asia’s planes:


But it’s often easy to forget when trying to agree corporate messages – and few corporate leaders are ready to go public quickly enough showing emotion. In today’s exercise, a lawyer stripped the humanity out of the messaging when asked to review it (our platform lets us take a ringside seat to watch the back and forth over simulated email). Luckily, in today’s fictional scenario, Comms pushed back, just as they should, and won the argument.

In the debrief, the plucky social media manager won a round of applause for their creativity and courage, and quite right too.

#MeToo – the hashtag outing sexual harassment in corporate America

As sexual harassment scandals continue to engulf corporate America, how should your organisation be preparing? 

It’s unsurprising that we’re being asked by leaders from some of the world’s largest companies to help them run their teams through training workshops and simulations based on the #MeToo scenario impacting their business.

As shown by the recent case involving Nike – which has now fired over half of its executive team due to the ongoing fallout over allegations of “conduct inconsistent with Nike’s core values” – no company can afford to adopt a ‘wait and hope’ strategy. 

The best form of crisis management is crisis prevention

Don’t wait for the dreaded phone call from a reporter looking for comment, or for the #MeToo + @[your company] tweet to appear. As custodians of your company’s reputation and strategic interests, you need to be proactive in managing the issue and ‘doing the right thing’, even if it does only constitute a ‘potential problem’ at this stage.

Two key questions you need to be asking yourself now are:

  1. Are our existing policies, processes and training fit for purpose?
    How confident are you that, as a business, you are doing everything possible to prevent and discourage inappropriate behaviour? You need to make sure that everyone – from executives to line managers and front line staff – understands what constitutes harassment and unacceptable conduct. It may even be worth employing a neutral third party to audit your existing protocol, so that there is no doubt as to the ‘objectivity’ of the findings.
  2. Are we confident that we’ll know if there is a problem?
    Sounds simple enough, but if your staff can’t or don’t tell you, then you won’t be able to act. Externally, you need to have keyword search monitoring in place so that you’ll have early sight of any public mention of your business. Internally, you need to audit and review the reporting mechanisms you have in place and check that they give you every opportunity to know if there is an issue to deal with. Apps like STOPit and Callisto can provide an anonymous two-way communications channel to help provide you with a better understanding of the size and scale of the problem, so that it can be dealt with appropriately.

Never assume ‘it’ll be alright on the night’

You need to rehearse how you will respond should the worst happen. Well we would say that, right? But that doesn’t make it any less true. You wouldn’t try to act out a play without rehearsing the script beforehand, so don’t assume that you’ll ‘know what to do’ when a crisis hits – make sure that your processes and people are ready to go should they be needed.

Five key questions you should be finding answers to – through rehearsals – are:

  1. Which roles would need to sit on the crisis team in the event of a #MeToo situation rearing its head?
    Legal and Human Resources are a given but which other functions will be required to be stood up and which can be stood down? What key actions would be included on their immediate ‘to do’ list? This is an issue that may fall outside the parameters of the typical problems that most companies respond to at a senior level, and so will need to be staffed and actioned differently.
  2. How would claims made by a current or former employee be investigated? How long could this take?
    What legal/HR process needs to be followed and will this involve any third parties? If so, do you have existing relationships with the appropriate contacts at those organisations? Could this be done in hours or would it take days?
  3. Who would we need to communicate with and what channels would we use?
    Staff should be a given, but who else will you need to communicate with? Customers? Business partners? Investors?  Would internal social platforms like Yammer or Slack be appropriate or would a more personal email from a senior executive be better? Or even a town-hall-style meeting? Would you post a statement on your Twitter and Facebook accounts or adopt a reactive approach? Every situation will require a subtly different response, but you should at least be starting to think through these questions.
  4. What would we say whilst the allegations are being investigated? We see a lot of companies fall into the age-old trap of waiting for ‘definitive information’ to appear before they feel safe in communicating internally or externally. But crisis communications is about communicating on the basis of often incomplete information. Saying nothing is not an option, as it will either be assumed you are doing nothing or simply stonewalling, so one tip is to focus on what you can talk about. That’s why proactively managing issues is so important. Initially, you may not be able to say much more than ‘we are investigating the allegations…’ but, if you have been proactive in reviewing and revising your policies and training ahead of time, that is positive evidence of action that you can draw on when other facts may be thin on the ground. And remember that this issue involves people and carries an emotional charge, so ensure that the messages you develop sound like they were spoken by an empathetic human being, rather than a corporate robot. Which brings us neatly onto…
  5. What communications materials can we prepare now? In any crisis time is a critical factor. And one of the ‘repeat offenders’ we observe during the training sessions we deliver is in the time it takes to draft messaging and get it approved internally. Developing a bank of pre-approved (and empathetic!) key messages and ‘proof points’ ahead of time should help avoid lengthy approval bottlenecks, and will help make you an active participant in the ensuing debate, rather than a passive onlooker.

Follow Chris Malpass on Twitter @Chrissocialsim

10 reactions to crisis simulations in 2017

It’s the eve before Christmas leave, and the emails are starting to go quiet. Looking back over all of our files last night, we’ve facilitated some exciting projects during 2017. But all in all, there have been some memorable moments across the board when it comes to observing participant reactions during a crisis simulation. Here, I share just a few that have caught my attention over the past twelve months.

I gift you (in Gifs):

10 reactions to crisis simulations in 2017:

1. When the simulation is a surprise and everyone realises it’s not just a meeting…


2. Trying to remember the theory taught in the masterclass two hours before the simulation


3. And suddenly you’re on the TV! 


4. When that internal email appears online in the news.. 


5. And then the share price starts dropping


6. Before a fake account starts tweeting rogue information at your customers 


7. And the response tweet is one character too long to post to Twitter 


8. Then letting out a big sigh when the exercise is over


9. Before looking around the room and realising how talented everyone in the team is


10. Knowing that you’re all the better for practicing… even if it felt too real for comfort


May next year bring many more exciting opportunities for us to train the world’s best crisis communications professionals.

Merry Christmas and Happy New Year!

It’s not a sprint, but it is a race

There is something about a breaking crisis that’s thrilling. Perhaps it’s the mystery of the unknown which keeps us intrigued, thirsty for more details. Or maybe the initial state of shock keeps us hungry for answers and information. Whatever it is, when an issue breaks it’s consuming for everyone – particularly those responsible for responding.

Working in crisis communications, I have seen a number of organisations practice their ability to respond to an issue. Like any test, it’s apparent during a crisis simulation who has done their homework. The organisations who have prepared response plans – and have studied how to mobilise them, perform the best. Those who don’t begin to come undone shortly after the action kicks off.


Because preparation and planning are key to successfully managing a crisis.

The people who staff a crisis response are the ones who drive it forward. Studies show the average person will change jobs between 12-15 times in their career*. Therefore, statistically it’s unlikely the people mobilised on day one of a response will still be working in the same positions if the issue runs long-term. It’s almost inevitable that the staff working on a crisis response will change, but the delivery expectations of the response will not. This is why staffing and record management are important elements of the crisis resilience planning process. Centralised record keeping, role based emails, and regular inventories on the staffing of a response is crucial to its ability to perform effectively in the long-term. It is unrealistic to have a person working seven days a week, 24-hours a day in a role they specialise in for a response. What happens when they need to sleep? Who takes over the workload of their substantive position? How will the job be done if they choose to leave? Is it in the plan? It needs to be. The success of the response, and the organisation, depends on it.

Organisations who continue to manage issues stemming from a crisis that happened some time ago are a testament to the importance of thorough planning. Whilst preparedness is key to handling a crisis, recovery is the overall measure of success. The handling of follow on issues or the aftermath of the initial crisis can, at times, be the largest hurdle of all. BP’s Deepwater Horizon incident in 2010 is a prime example of this, as the company continues to communicate its response and restoration efforts in the Gulf of Mexico, 6 years later. British telecom TalkTalk is another example of a long running corporate crisis, after the company was hit with a £400,000 fine in October this year for the 2015 data breach that exposed the details of 150,000 customers. To recover and restore brand reputation, the company has worked at communicating new pricing plans and rolling out services such as a voice biometric ID system to positively reframe the conversation online today. Successfully recovering from a crisis is important because ultimately a company’s reputation has a direct impact on its bottom line. Effectively recovering from a crisis requires having a plan that sets out key objectives and actions, detailing how the company will recover over time. As is clear from TalkTalk and BP cases, a planned communications response is key to managing a crisis in the long term.

Big issues rarely go away in a number of weeks. Effective planning provides companies with a sense of direction when all eyes are upon them. A good crisis response is one that involves a well-organised team who are prepared, practiced and ready to go the distance. A crisis response is not a sprint, but it is a race. No organisation can afford to be left at the start line or run out momentum part way though. Competitors will push to advance on setbacks, and every move can be replayed, analysed and scrutinised by onlookers. Investing in crisis resilience sets an organisation on track for a strong finish.  

*Data taken from a Linked in survey


#boycottbyron: reputation management once social takes hold

Social media is instantaneous. It connects us and keeps us informed in real time. It’s a sea of networks that feed off each other for information. It has the ability to create a viral sensation quickly – sometimes too fast. In an age where social media is interwoven into the fabric of everyday life, a plan for online reputation management is paramount.

Last week saw UK burger outlet, Byron Burgers, at the centre of a viral social media incident. In a nutshell, a number of people were found to be illegally working at Byron Burgers in a raid by the Home Office and were subsequently deported.  The story trended on Twitter and was covered by various  mainstream media outlets. The incident was high profile and widely discussed but, was it a crisis?

The topic started trending on the Wednesday when the story broke and was still trending the next day:

Screen Shot 2016-07-28 at 09.56.49

Like many breaking stories, I found out about this issue after it started trending on Twitter on the Wednesday afternoon. I looked at the montage of Tweets published at the time and pieced together that the story consisted of a workplace raid but the reasoning was vague. I Googled for news coverage which at that stage, returned very little. On the Thursday however, the topic had been covered by major media titles which amplified attention to the situation, and contributed to the story still to be trending on Twitter.

Hashtag #boycottbyron takes off

Users started a call to boycott the brand following the raids:Screen Shot 2016-07-28 at 15.38.14

The blame game

It’s been reported the employees involved in the incident thought they were attending a training meeting before the Home Office conducted the raid. This led people to question the company’s involvement:

Screen Shot 2016-07-28 at 09.34.40

Screen Shot 2016-07-28 at 09.36.24

Screen Shot 2016-07-28 at 09.35.40


The reporting of people working illegally at Byron Burgers reignited elements of the Brexit debate:

Screen Shot 2016-07-28 at 09.39.46

Screen Shot 2016-07-28 at 09.35.50

Screen Shot 2016-07-28 at 09.40.56

Screen Shot 2016-07-28 at 09.37.27

The backlash 

Following the story breaking, protest groups released bugs in two Byron Burger stores causing them to temporarily close. A store in the city was also closed on Monday afternoon citing a ‘technical issue’ as a public rally of approximately 200 people took place outside the shop.

Screen Shot 2016-08-02 at 10.59.37


Others seized the chance to capitalise on the story presented:

Screen Shot 2016-07-28 at 09.40.35

And of course, some tried to put a comic spin on the issue:

Screen Shot 2016-07-28 at 09.40.10

How did Byron Burgers handle the issue?

Initially they released a statement the following day:

Screen Shot 2016-07-28 at 15.30.46

After the release of bugs in stores and a public rally, Byron Burgers pinned another statement to their Twitter page:Screen Shot 2016-08-02 at 11.59.37

The initial statement was short and succinct, detailing the company’s knowledge and cooperation with the Home Office. It also took the opportunity to refer further questions about the incident directly to the Home Office. Whilst the issue was topical, the corporate channel didn’t publish any business as usual posts, but did reply to regular customer enquiries. Although other customers used replies as an opportunity to discuss the immigration issue, the corporate channel didn’t reengage with posts involving the incident.

For Byron Burgers, I believe this was, and still is, a crisis; one which may continue to rumble on for some time to come. It is also a crisis which appears to have been inflated and amplified by the wider overarching and interlinked issues of Brexit/immigration.

Byron Burgers will need to act and act quickly if it is to minimise harm to its reputation. After all reputation management is vital, as a perceived loss in reputation can lead to a decline in revenue and in turn, a bruised bottom line.

[email protected]



Not your average day in the office... filming stock footage for a counter-terrorism simulation.
Not your average day in the office… filming stock footage for a counter-terrorism simulation.

I’m Kate, and as the newest member of the Social Simulator team, I thought I’d take this opportunity to introduce myself and share my experience with you all. I have joined the team after moving to London from Australia. The motivation to move to the UK was sparked by my involvement in the Queensland Government’s emergency response to Panama Tropical Race 4, an exotic banana disease, after it was first detected in a major production area in early 2015. My communications role in the response was fast pace, versatile and challenged every element of my professional training. The experience inspired me to move abroad and pursue a role specialising in crisis communication. So here I am – pursuing that opportunity at the Social Simulator!

To give you a bit of background, I received the Bachelors of Journalism and Arts (Criminology) from The University of Queensland in Brisbane, Australia. At the time of study, I aspired to be a journalist, working as a reporter across radio and television during my final year of university. Although I liked the adrenaline rush of covering breaking stories and having a professional excuse to be nosey, overtime I decided the media world wasn’t my professional calling. Instead I realised all of the aspects I liked about journalism were integral elements of public relations. So, I leapt to the other side and started working in government corporate communications.

During my time with the Queensland Government I worked across a number of portfolios covering the accounts of economic and business development, agriculture, and biosecurity. Over various account manager positions, I developed communication strategies, provided media advice and worked on a number of government-lead crisis responses. My work with the Queensland Government was certainly varied and provided me with a raft of knowledge and experience that will serve me well across my career.

I believe each professional opportunity provides complementary learning experiences. To date the golden piece of PR advice I’ve received from a former manager is that you can’t control what the press writes – you have limited control over the individual actions of others. However, organisations can control what is officially released, such as; key messages, spokespeople and timings.  This advice is particularly relevant to successfully communicating in a crisis. In the busyness and heat of it all, take the time to stop, plan and invest resources into best delivering what you can control. Better still, contact us to test your company’s current crisis response capabilities to ensure your team is rehearsed and better prepared for whatever lies ahead!

What lessons will I learn from my time at the Social Simulator? I’ll endeavour to update you of them in due course here, on Twitter and via LinkedIn, so be sure to follow and connect with me.




Why information is power for crisis communicators

Crisis communication is essentially about informing key stakeholders – customers, staff, investors, journalists etc, about what you are doing to resolve a potentially damaging situation. After all, there is no point in doing the right things if you don’t tell anyone about it.

The integrity of the information you share is crucial, as it is this that determines the levels of credibility and authority that stakeholders attach to what you say. However, the information shared externally is only as credible as the information verified and shared internally across teams and functions.

In order to share credible and accurate information, you first need to have an effective process in place for capturing information and sharing it with relevant teams and individuals within an organisation.

As soon as a crisis comms team is mobilised, one (or sometimes more than one) team member should be allocated the role of:

  • logging latest verified information
  • keeping a log of resulting/completed actions
  • updating a simple Situation Report (SitRep) template, including details of latest verified information, latest approved messaging, priority issues, and any priority actions awaiting completion
  • sharing the SitReps with other crisis response functions at regular intervals.

Similarly, if a senior executive requests an ad hoc appraisal of the comms response to share with the Crisis Management Team or members of the Board, then a SitRep can provide a useful ‘at a glance’ basis for a detailed briefing by a comms team representative.

In a situation extending over a period of days, weeks and/or geographical locations, then online (soft) templates should be maintained in addition to hard copies. Tools such as Google Docs or SharePoint can help ensure that an information/action archive can be accessed by other teams in separate regions, or be referenced and mined as part of the post-crisis evaluation process.

The Information Manager role is critical to ensuring the smooth running of any crisis team, yet is frequently overlooked. Crisis communications is about telling the audiences that matter most to you what you are doing to manage the situation. Without credible information, it becomes extremely difficult – if not impossible – to communicate effectively.

That’s why information is the true source of power for crisis communicators.


Photo credit: diylol.com