This module will take you through The Nature of Crisis and Disasters.
- Characteristics of Crises
- Case History: Buncefield Explosion (2005)
The information in this document is part of the Deltar
‘Level 4 Management Award in Advanced Risk and Crisis Management’
If you are dealing with the management of crisis and associated non-normal situations, you should by now have a fairly good understanding of how a security management system works, and how it can be utilised in various ways to identify potential threats, create effective risk control protocols and also create a response capability (‘contingency planning’) in the event that something goes wrong.
Whilst this three-stage management framework creates a structure within which normal security management functions can be designed and delivered (and this is an excellent method for starting off with a blank piece of paper and ending up with a fairly well-developed outline of whatever security management system you might need), they only go so far. There are times when the nature of the problem is either so great, or so unknown to us, that normal security management procedures just breakdown. Welcome to the world of Crisis Management!
Crisis Management is the study of how you deal with situations for which it is almost impossible to plan, and which at the same time create a real risk to the continued existence of your organisation. Examples that immediately spring to mind are the attacks on the World Trade centre in 9/11 (2001), Hurricane Katrina and the impact that had on New Orleans (2005), the tsunami and earthquake in Fukushima, Japan (2011). However, whilst these are incidents that grabbed the headlines across the world, it is equally possible to find examples of corporate and business disasters that required a crisis response from business security managers.
The recent terrorist attacks in Algeria (February 2013) is an example where a relatively stable (though potentially high risk) country suddenly became the scene of a major terrorist attack.
The volcanic ash from Iceland that brought air-travel across northern Europe to a halt in 2011 is another example of an incident that would normally be in the ‘Low Likelihood / High Impact’ corner of a risk matrix coming to life and having major, and potentially catastrophic, impacts.
This Module will give introduce you to the various sorts of crises that you are likely to be facing, the effects they have on your operation, and the sort of management skills that you will need to be able to respond quickly and effectively to those situations. One of the immediate impacts of a crisis is that it demands that the security team provides leadership and support to the decision-makers in your organisation, as well as maintaining your normal operational roles.
Characteristics of Crises
The word ‘crisis’ has undoubtedly become over-used in our modern world, and is often used to describe situations which although they may be serious and potentially dangerous, are not really true crisis situations.
Most definitions of ‘Crisis’ are based on three criteria:
- High Level of Threat
- Time Urgency
The high level of threat is not only concerned with the nature of the problem you are facing – whether it is terrorism, natural disaster or technological breakdown (imagine how you would be able to manage a situation if the mobile phone network was suddenly not operating), but also with the potential damage that it could cause your organisation and its operations.
In this sense, crisis management is not only about physical survival, but also reputation management and brand management. It is likely that the front page of the newspaper you are reading this morning will have at least one story about an organisation that is under threat because of weaknesses in its own management systems that have led to a genuine crisis situation which threatens its reputation and future operability. Although crises tend to be large-scale and dramatic, and it might seem that every crisis is unique, it is also true that they often share a number of characteristics, and as a start, we can divide crises into two groups, those that are caused by something outside our control, and those which are caused by weaknesses within our own operations.
We usually think of ‘management’ in terms of controlling something, but the truth is that in the modern day, the world is so complex and inter-connected that there are many aspects of our lives – perhaps most of them – over which we have little control. We can’t control the internet, or the mobile phone system, or ATM’s where we draw money from the bank. We can’t control weather systems or climate change, or solar flares or flooding. It is for this reason that to a large extent the things that cause potential crises are events over which we have no influence, and so it is important that we are able to identify what they are, and how we can best prepare ourselves to respond to them in the event that they do take place. Although such incidences are rare, they are still predictable, and it is one of the responsibilities of the security manager to identify potential crises, consider how they could impact on their operations, and prepare as well as possible to respond in an effective manner in the event that they are triggered.
Although we often consider a crisis as something that happens very suddenly, and which is outside our control, it is also true that there are many times when a crisis develops over time, and can be labelled a ‘creeping crisis’. The pattern of development is often the same – there are minor incidents which are signs that a potential crisis is occurring, which are then ignored, and then a slightly bigger problem occurs and the organisation decides to do something about it, but then the problem goes away again, and so the organisation concentrates on something else – and then there is a major crisis, and they have no choice but to do something about it.
Actually, there is very little difference between the organisational response to such warning and our own personal behaviour in real life. It is probably not much different than when we have a tooth ache – we ignore it until it becomes so painful that we have to make an appointment with the dentist – and then if the pain goes away, we might well cancel the dentist appointment. Or there might be a leak in your pipes, but we do nothing until that turns into a major flood. In much the same way, when we analyse corporate crises, it is almost always the case that rather than being a sudden event over which they had no control, the crisis, at least in retrospect, can be seen as a being the final stage in a process that involved a series of warning incidents that became increasingly serious, and which were consistently ignored.
Case History: Buncefield Explosion (2005)
Whatever the development process of a crisis might be, the fact is that once it is triggered, it causes a serious threat to the continued existence of an organisation. A good example of how a crisis can be triggered by events that are outside of your control is the Buncefield explosion on 11th December 2005. One of the main fuel storage centres for Heathrow airport, the explosion of the fuel storage tanks were reported to be the largest explosion in Europe since the end of the Second World War (1945). It had a measurement of 2.4 on the Richter scale (equivalent to a small earthquake), and could be heard as far away as Belgium, France and Netherlands.
The impact of the explosion was immediate, but from a crisis management perspective it is a good example of how many different areas of operation were affected by the incident. The explosion itself, and the fear of further explosions, led to the major evacuation of 2,000 people from surrounding villages. The smoke from the fires meant that a number of major roads had to be closed, including the M1, and a number of flights had to be rerouted as they were coming into Heathrow airport. There were health issues, as people were affected by smoke inhalation, and there was also fears concerning the level of toxic chemicals in the air, as well as the run off of toxic chemicals into the water supply, due to the water being used by the fire brigade to control the fires.
Local businesses were also affected, as there was a cordon that was put around the area, affecting their ability to get to their own offices, and of course there were many businesses that were situated close to the explosion that were completely destroyed.
The official report into Buncefield identified around ninety businesses that were seriously affected, with costs of up to £550 million (p. 25). Although Buncefield was a massive event, it was a typical example of any crisis in that it affected a wide range of people, and demanded a multi-agency approach in responding to it, that meant that many different organisations had to work together to develop and deliver a post-event recovery plan. Its effects were also felt for a long time after the actual explosion, and some organisations affected it by it never really recovered. These are issues that are common to any crisis, however big or small, and which will be studied in the following sections.