Leadership Lessons for Responding to a Crisis
Most workdays move along predictably. A few unexpected challenges may arise, but we rarely find ourselves in a true crisis. When a significant disruption does occur, whether it’s a cyberattack, a key employee suddenly resigning, or a supply chain breakdown, it calls for more than routine problem-solving. It demands steady leadership, swift coordination, and clear communication.
Cyber events offer a particularly instructive example. They can strike businesses large and small, regardless of industry or preparation. Despite layers of security, a determined attacker may still find a way in. And when systems go down, email stops working, and sensitive data is at risk, the organization must respond decisively. But the principles that guide a successful response to a cyber event apply to nearly any business crisis. So, what do you do?
Ask for Help Immediately
In any crisis, don’t try to go it alone. There is no benefit in delay or in hoping the situation resolves itself. When a cyberattack is suspected, the first step is to notify your cyber insurance provider or legal counsel to access the right forensic and technical experts. Similarly, if a major client is lost or a public relations issue arises, it is essential to reach out to specialists, whether in legal, HR, financial, or communications, immediately. Leadership in crisis means knowing when to call in reinforcements.
Assemble the Right Team
Crises are not the time for silos. Success hinges on gathering the right people from across the organization. In a cyber incident, that might mean IT, HR, legal, operations, and communications working closely together. In a different type of crisis, such as a safety issue or major service failure, the necessary team may look different, but the approach is the same. Identify internal experts, assign clear roles, and maintain close coordination to ensure effective collaboration.
Communicate, Communicate, Communicate
Effective communication during a crisis requires frequent, honest, and measured responses. Stakeholders, employees, customers, vendors, and board members need to know what is happening, what is being done, and what to expect next. In the case of a cyberattack, regular updates reassure people that the issue is being addressed. The same applies to any situation that causes business disruption. Silence can cause speculation, whereas consistent communication builds confidence.
Prioritize Ruthlessly
A long to-do list is standard in a crisis, but not everything can be tackled at once. Leaders must step back, assess the situation, and determine what needs to be addressed first, second, and third. In the event of a cyber incident, restoring systems that enable communication may be the top priority. In other crises, securing emergency funding, protecting employees, or preserving customer trust may take precedence. Narrow the focus to a few core actions each day to avoid being overwhelmed and to maintain momentum.
A crisis, whatever form it takes, is a test of leadership. Whether it's a cyberattack, a legal issue, or a sudden market shift, the same core principles apply: seek help early, bring together the right people, communicate consistently, and stay focused on what matters most. These are the practices that carry businesses through uncertainty and position them to recover stronger than before.