Your crisis management playbook: What to do when the worst happens
- 13 September, 2017 20:00
Every CIO deals with systems outages, and more and more have endured with cyber attacks. But geopolitical threats, disasters and loss of life are inconceivable to many.
Dana Deasy, who in September will retire as CIO of the storied $99 billion financial services company JPMorgan Chase, has experienced all of those, and more.
But there’s a kicker: Most of those crises had little or nothing to do with technology itself. “If I go over my 30-year career, the vast majority of things I’ve been involved with and have had issues behind them have not been cyber-related,” Deasy said in a recent interview. “They’ve been a whole bunch of other interesting things—many of which you could have never predicted.”
[ Find out whether you have what it takes to be a next-generation CIO and how IT leaders transform their organizations for the digital era. | Get weekly insights by signing up for our CIO Leader newsletter. ]
The lessons Deasy has learned from those calamities are instructive for all IT and business leaders—particularly in a time when, no matter how confident they might be about their systems, operations and cybersecurity, they must expect to endure some form of crisis, at any given time.
The eye of the storm
In the 2017 State of the CIO study, 19 percent of IT leaders said managing IT crises was a considerable part of their job. Respondents were also asked which areas they would like to spend more time on in the next three to five years. Not surprisingly, only six percent cited IT crisis management.
But the crises they likely had in mind are commonplace. Think project failures, supplier issues, systems outages. These are all issues that CIOs should be prepared to deal with, Deasy said. Crises are something different.
“To me, a crisis is the thing that sometimes isn’t directly in your line of sight, but yet you find yourself in the middle of,” he said. “Disasters, of course, are the wild variable.”
Dan Roberts and I wrote about a number of business crises in our book, Confessions of a Successful CIO. But few, if any, executives—IT or otherwise—have faced the amount of adversity experienced by Deasy.
Deasy encountered his first crisis when he worked in the Space Systems division at Rockwell International (now part of Boeing). Seven days before the launch of a space shuttle, there was a telecommunications problem. Deasy, who was responsible for technology systems associated with the launch, had to notify mission control that the shuttle might not be able to take off on time. “I had to think, would I be the one responsible for having to say we can’t launch a space shuttle?” Deasy said. “That was a wake-up call.”
Then came one of the worst. On January 29, 1986, the Challenger—a space shuttle built and maintained by Rockwell—blew apart a little more than a minute into its tenth launch, killing all seven crew members aboard. Deasy had experienced his fair share of issues by then, but the scale of the tragedy played a significant role in his development as a leader.
“It’s very different when the role that technology may or may not have played in the problem is not clear,” Deasy said. “In those situations, we have to deal with a whole different set of problems.”
Later, at Tyco International, Deasy was part of the new leadership team brought in after top executives were convicted of larceny and fraud, and at a time when the company faced serious financial, operational and morale issues. Granted, this was a crisis of a different scale, but it was a crisis all the same. “At that time, it was about, how do I get people to work together on technology when they hadn’t worked together before?” Deasy said. “It was definitely a stress-filled time where you needed to help sort out the company in a hurry.”
Then there was BP. In April 2010, about halfway through his six-year tenure as CIO at the global oil giant, the Deepwater Horizon oil spill occurred. Deasy declined to comment specifically on that incident, but he said that the advice he provides below was influenced by that experience.
Reflecting on these and other crises he has experienced, Deasy focused on a simple truth: “There was no playbook for the day the oil spill occurred,” Deasy said. “There was no playbook for the day the Challenger happened.”
Spotting the warning signs
When people ask Deasy what keeps him up at night, he points to balance. CIOs are constantly moving from issue to issue—be it focusing on innovation, managing operations, mitigating risk, making critical decisions about staff, dealing with regulatory issues, and so on.
CIOs, he said, need to juggle all of those balls in the air, paying close attention to all factors to anticipate when problems might arise, and “looking around corners” to recognize new opportunities or threats. “I think any good CIO today has to have an early radar system that hopefully lets them know when one of those things is starting to become problematic, or to see signs where things are starting to break around you,” he said.
Deasy also said that tabletop simulations are helpful for preparing for crises, but only to a certain extent. “I always tell people, if you get overly confident that your desktop exercises are going to see you through a unique crisis, then you will be woefully unprepared to deal with it,” Deasy said.
5 steps for leading through crisis
When crises do occur, Deasy offered the following steps for CIOs:
1. Focus on the problem at hand. IT leaders must communicate with their C-suite colleagues and board members. “Absolute transparency,” Deasy recommends. “Here’s what we know, and here’s everything we don’t know.” But they must balance that with the importance of remediating the problem. Solve the problem first, then go after the root cause(s).
2. Lead from the front. A mentor of Deasy’s from Rockwell once told him, “When something goes terribly wrong, it’s how you show up at the beginning that sets the tone.” If leaders are scattered and constantly changing directions, the team will respond with similar disarray. But if CIOs remain poised and calm—despite maybe churning on the inside—“it’s amazing how quickly people will get focused,” Deasy said.
3. Understand your own limitations. “Be very clear to yourself and your team that you’re not the smartest person in the room,” Deasy suggests. Teams expect leaders to maintain their composure, but also to ask the right questions and bring the right people into the room. But they err when they think they have all the answers. “Sometimes people find themselves in the middle of a crisis and because they’re the senior person in the room, they feel that they need to carry all the expertise,” Deasy added.
4. Seek solutions from all players. Even if you have truly put the right people in the right roles, don’t limit them to those responsibilities when a crisis occurs. When leaders break down those silos, and respect the knowledge of their teams, they can find the right answers—sometimes from the least likely sources. “If you put constraints and people think they’re coming to a crisis and have to work their role, you have a huge miss,” Deasy said.
5. Balance people and priorities. Often times when a crisis occurs, everyone wants to work on it. But IT leaders must be careful to ensure that day-to-day operations continue through the crisis. At the same time, team members can burn out when dealing with a protracted crisis situation. “You have to be cognizant that the human mind and physical stamina only go so far,” Deasy said. “How do you ensure that, as people are getting ready to take a break, that you’re actually creating continuity” in cycling in other employees?
More on crisis management