In 2025, RSM hosted a crisis management event with the Australian Institute of Company Directors (AICD).
During the discussion, the panel members shared crisis ‘war stories,’ including what worked, what failed and what they would do differently next time.
This discussion highlighted a pattern that matches something we have seen repeatedly in negative media coverage of high-profile crises over recent years.
Despite solid improvements in Australian corporate governance over the past two decades, the same crisis management mistakes appear, often with avoidable consequences.
Whether triggered externally or internally, crises are now arriving faster, escalating quicker and driving greater reputational risk. Executives and risk management leaders agree that the first 48 hours matter in protecting your brand (and avoiding a reputational ‘train wreck’).
Mistakes (Do less)
- Lack of preparation and planning - not learning from past crisis experiences
- Delaying the response or denying the problem
- Unclear crisis roles
- Poor communication and lack of transparency
- Tone-deaf leadership responses - blame shifting and avoiding responsibility
- Overreacting and escalating the situation
- Neglecting key stakeholders
- Failing to adapt as the crisis evolves
Good practices (Do more)
- Practice your crisis process - learn from past events and continue training your crisis team
- Mobilise rapidly – use technology to help
- Clear crisis roles
- Communicate clearly and regularly - speak with one voice
- Take accountability and apologise genuinely
- Engage stakeholders proactively
- Demonstrate strong leadership and coordination - lead with empathy
- Adapt as the crisis develops
Most common crisis management mistakes
Lack of preparation and planning
Some organisations still lack a tested crisis management plan. Others have plans that exist only on paper.
Key lesson: You cannot design a crisis plan during a crisis. Have someone do an independent stress test or audit of your crisis team and process to flag where your gaps are.
Helpful tip: A half-day facilitated desktop exercise quickly exposes gaps and builds team confidence. Scenarios such as cyber events, product/asset failures, compliance breaches and safety incidents will test your team.

Unclear crisis roles
Helpful tip: Someone must be clearly in charge from the outset. Consider separating crisis team leadership from the Chair/CEO spokesperson role. CEOs are often better positioned externally, while a COO or senior executive leads crisis team operations.
Delaying the response or denying the problem
One of the most damaging mistakes is hesitation. Leaders may receive fragmented information, underestimate severity, or treat the issue as “business as usual” rather than a true crisis requiring escalation.
Helpful tip to avoid delay:
Use one-to-many communication tools (e.g. SMS alerts, secure messaging groups, incident platforms) to mobilise crisis teams immediately. Minutes matter.
Poor communication and lack of transparency
Silence or partial disclosure (the ‘vacuum approach’) almost always backfires. When stakeholders sense information is being withheld, rumours flourish.
Key lesson: If you don’t communicate, others will — and you may not like their version of events.
Tone-deaf leadership responses
Insensitive language or defensive framing can overshadow the crisis itself.
Helpful tip: Have a second set of eyes review public scripts. Pre-draft empathy-first statements for foreseeable scenarios.
Blame shifting and avoiding responsibility
Deflecting blame to individuals, contractors or customers signals a lack of integrity.
In Australia’s banking misconduct scandals, early responses often framed issues as “isolated incidents” or staff failures — a stance later rejected by the Hayne Royal Commission.
Key lesson: Stakeholders expect ownership, not excuses.
Overreacting and escalating the situation
The opposite of delay is panic. Heavy-handed actions, public threats, abrupt dismissals or aggressive rebuttals can inflame stakeholder reactions.
Some organisations have learned this the hard way when responding combatively to social media criticism, only to amplify backlash.
Key lesson: Calm, proportionate responses outperform emotional reactions. Test your messaging across all the groups in your stakeholder map – does it work well for all groups?
Neglecting key stakeholders
Employees, regulators, suppliers and partners are often forgotten in the rush to manage media.
In several high-profile workplace safety incidents, employees learned critical information from news outlets before internal briefings, damaging morale and trust.
Key lesson: Employees are stakeholders and secondary communicators.
Helpful tip: Maintain stakeholder maps and pre-draft internal communication templates. This will save you valuable time when the crisis hits.

Failing to adapt as the crisis evolves
Clinging to an initial narrative despite emerging evidence damages credibility. During prolonged cyber incidents, organisations that failed to update advice as new risks emerged appeared either uninformed or evasive.
Key lesson: Flexibility signals competence, not weakness.

Not learning from the experience
Once the pressure lifts, many organisations move on without embedding lessons learned. Repeated compliance failures across sectors demonstrate what happens when post-crisis actions aren’t tracked or governed.
Key lesson: Crisis learning must be institutionalised.
Helpful tip: Track post-crisis actions through your risk systems and Audit or Risk Committee oversight.
Bottom Line
Crisis management is a defining test of leadership, preparation and organisational values.
Avoiding common mistakes (e.g. denial, delay and poor communication) can help to prevent manageable events from becoming reputational disasters. Embracing best practices (e.g. empathy, accountability and speed) significantly improves outcomes.
Crises are inevitable. Being unprepared is optional.
RSM can assist you in designing and refining your crisis processes to make them more resilient. If you’d like to discuss the resilience of your crisis process, please contact us.