Psychology / Psychological Type
Managing in a Crisis – Denial, Discovery, Diagnosis, Development
No leader in any organization wants to be in a crisis situation but this may nonetheless happen from time to time and it is therefore wise to think about how this might be handled when the situation arises. And “crisis” as we use it here is a relative term covering not only personal crises and relatively short term and/or minor ones, but also refers to a crisis that might affect multiple people and/or have a deep and lasting impact. Hence, in these circumstances it could be a loss of a major customer, a major financial problem or a significant accident affecting one or more people at work and the leader’s job is to handle this as a priority over all other objectives. For the purposes of this article we will also use a brief running example of a significant data breach. This is a fictional case study but simply serves to illustrate how a leader may deal with the crisis at each of the four stages.
Because a crisis is often an unexpected event we can’t always fully prepare for its occurrence and we may react to it in more emotional ways, at least initially. In fact, evidence shows that just like the Elizabeth Kübler-Ross reaction to grief model, which suggests that we have the 5 stages of Denial/Isolation, Anger, Bargaining, Depression and finally Acceptance, in crisis handling there are 4 stages. These are Denial, Discovery, Diagnosis and finally Development. Let’s look briefly at each of these phases:
It may be natural to deny that something is a crisis both individually and even collectively, especially when (as a leader) we want to convey that we are running “a steady ship” but the quicker we recognize that a situation is not “normal” and is being disruptive to people or the business, so much the better. What this means in practice is that leaders need to regularly check that they are not in denial when problems arise. When this is the case this often means being overly defensive about what is happening, not being “challenging” enough about the data received about the crisis situation that is progressively unfolding and being too optimistic that a solution will (eventually) arise. In many cases denial can go on for days and even weeks, making the crisis much worse than it might have been.
Example: It is reported that a large number of customer records including their addresses and credit card details have been hacked overnight. Denial here would be to look for only possible internal company access to this data and communicate nothing beyond the department experiencing the breach.
With luck, we may only be in the denial stage for the briefest of times and can quickly get to what is often the next stage, which is “discovery”. Discovery here is fundamentally about being open-minded in the event of a crisis of any size or duration and asking as many calmly insightful questions as possible so as to gather facts and other important information about why the crisis seems to have arisen. In the cold light of day, in an article such as this, this stage sounds obvious and every leader would expect to be able to do this well. However, the stress of the crisis situation means that this stage is often “jumped over” too quickly or completely, partly because the leader typically wants to quickly get to the “diagnosis” stage as soon as he or she can, but without enough information because not enough questions have been asked.
Example: Questions about the data breach are calmly asked at this stage without pointing fingers at any one individual or organization department including when did the breach occur?, how long did the hacker have access?, who discovered the breach?, how, what is the scale of the breach?, what is the potential impact in terms of who it could affect?, is the breach potential still there and if so what can we do to fix this (even temporarily)?, who do we need to inform about the breach? Etc.
Although it is a continuation of the discovery stage the “diagnosis” stage goes a step further and looks for the most reasonable or likely reasons why the crisis has arisen in the first place and then at what some of the potential solutions or ways forward may be. For a leader questions are still the best approach here but facts and opinions gathered from the discovery stage are more likely to be “threaded together” to form hypothesis and theories about the situation and what might be done about it in future action terms. Great care needs to be taken here not to jump to single solutions that may only deal with part of the crisis or to apportion blame (which is a significant temptation in the middle of the crisis). Instead the leader should maintain an open mind and keep looking for root causes of problems as much as possible.
Example: As a result of asking questions a theory might be developed which suggests that the breach occurred when data was being backed up to an external server on a given day and the lead system administrator was on sick leave (meaning that the normal protocols were not wholly followed. This hypothesis can then be tested for reasonableness and how well it explains the crisis but may only be a foundation for diagnosis about what might need to be changed in actions terms in the future or to mitigate current and future risk.
The fourth and last “discovery” stage is the one in which a leader is looking to develop a forward strategy or series of steps that will help to deal with the crisis, whatever it may be. At this point a leader is best served to evaluate which of the inputs (both facts and opinions) seem to have the greatest efficacy and make decisions about what is specifically done, in what time frame and by whom. The main danger at this stage is to make action-based decisions entirely in isolation of what has been gathered by way of information at the discovery and diagnosis stage and/or without taking account of people’s input. This may be appropriate in a small set of dramatic crisis situations (such as a major fire in a building for example) but in most crises, which extend for hours, days and weeks, the leader’s best paths forward generally tend to the those that have evolved collaboratively.
Example: Given that “how” the data breach occurred is now well-understood, at this stage the leader would be looking to describe the breach and the path to recover from the crisis in detail with the key players involved and particular action plans of a variety of kinds to help get things back on track or to “normalize” the situation and declare the crisis over. Part of these efforts is to learn from the experience, not only in terms of why this specific data breach occurred but what we might do differently next time that something similar occurs.