A Changing Information Environment
Over the past year, the USA has seen the results of longer-term shifts in the information environment, which has become highly disaggregated. Americans across the political spectrum are increasingly turning to alternative, personality-driven and independent media sources, heavily relying on podcasts, newsletters and social media as primary news outlets. This shift has provided Americans with a diverse range of narratives about current events from a variety of sources – while pitting online talk shows and podcasts primarily designed to entertain with a point of view against mainstream media outlets bound by editorial standards and journalistic rigour. Growing distrust in institutions, including the press, has exacerbated the rising influence of these channels, while, at the same time, their proliferation has increased the potential for misinformation. For crisis mitigation and management, this new information landscape presents both a significant challenge and, if understood and harnessed correctly, an opportunity to engage and persuade key stakeholders during periods of intense scrutiny.
Many Voices, One Message
There have never been more ways to own and tell a story – meaning crises can no longer be easily managed in isolation, let alone privately and quietly. Additionally, in today’s environment, anyone and everyone has a microphone via social media. Crises can emerge and escalate on any platform, at any time, so organisations must prepare for how to address the many voices and pressures these channels may amplify. A key aspect of modern crisis management is determining where and how to engage stakeholders effectively and ensuring that defences are ready to be deployed swiftly across all relevant channels.
Regulated Industries Under Fire
Highly regulated and/or government-funded industries are typically the most vulnerable to crises in the USA. For example, industries involving consumer health and safety, such as airlines, health insurers and others, have faced a host of controversies and crises over the past year. This has also been a trend within higher education, where political debates and protests have played out on campuses, and an unprecedented number of university presidents have been summoned to testify before Congress. With the changing US Administration and new federal directives related to diversity, equity and inclusion (DEI), coupled with newly empowered activist pressures, companies face a reigniting of complex, highly visible, and socially and politically fraught discussions from both internal and external audiences. In contending with these issues, the education sector in particular has to consider a unique set of stakeholders and expectations around freedom of speech and academic freedom, both of which complicate their crisis response.
Crisis Prevention is Crisis Preparation
To protect against future crises, it is crucial for organisations and institutions to learn from each crisis experience, being careful to incorporate lessons into future preparations. Further, they should be careful to think ahead about issues and scenarios playing out in other sectors that could impact them down the line, whether DEI, continued geopolitical unrest, immigration and visa issues, tariff and antitrust policy, and more. Planning ahead about what positions they want to take on complicated or sensitive topics and how they will want to communicate with their various stakeholders can help mitigate future crises.
M&A activity tends to fluctuate during corporate crises, with some companies leveraging the moment to acquire assets at lower valuations. There are numerous examples of this in recent US history, including during the dot-com bubble burst, the 2009 global financial crisis and the COVID-19 pandemic.
Integrating Legal Counsel Into Crisis Management
Every issue is different and will have its own set of legal and regulatory considerations in the USA. For example, in a cybersecurity incident, there are multiple sets of obligations at the state, federal, and even contractual level that dictate how an organisation must respond or disclose information. Understanding such laws, and how they apply to the situation at hand, is critical and necessitates deep collaboration with legal teams. Furthermore, a crisis incident in and of itself will often lead to litigation, regulatory scrutiny, or an enforcement action. This is why any organisation facing a crisis must have in-house and outside legal counsel as part of their core crisis team, not only to address compliance with the law itself, but also to consider and mitigate potential future liability risks.
There is no applicable information in this jurisdiction.
Integrating Government Affairs Into Crisis Management
Whether regulatory officials or elected representatives, the government at the federal, state and local level can often plays a significant role in crisis management and preparation, particularly for regulated industries that are inherently closely connected with governmental entities. The specific agencies involved will depend on the nature of the crisis, but every crisis response framework should include government affairs and these specific audiences as key stakeholders. Bringing in an experienced government relations team helps ensure all communications or other response protocols are filtered through the lens of this important constituency, protecting a company’s reputation among – and relationship with – these authorities.
Oversight by Public and Private Bodies
Some of the government agencies and regulatory bodies that oversee crisis management preparedness for companies and public bodies include the Federal Emergency Management Agency (FEMA), the Securities and Exchange Commission (SEC), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Reserve & Office of the Comptroller of the Currency, which ensures that financial institutions maintain contingency and disaster recovery plans.
Some industry and private sector organisations that serve in the same capacity across various industries include the Business Continuity Institute (US Chapter), the American National Standards Institute’s National Emergency Management Standards and the Financial Stability Oversight Council.
Publicly traded companies in the USA are required by the SEC to disclose material risk factors in their public filings, including in annual reports or through a Form 10-K, meaning they must identify and explain to investors the most significant events, risks or financial factors that could potentially affect their business, operations and financial condition. As it relates to cybersecurity, for example, the SEC mandates that publicly traded companies must disclose “material” cybersecurity incidents on Form 8-K within four business days of discovering them, providing details on the nature, scope and potential impact of the incident.
Requirements vary industry-to-industry and crisis-to-crisis. Any organisation, particularly publicly traded companies or those in highly regulated industries, should work with legal experts and disclosure counsel to understand and prepare for the required disclosures or evaluations to which they may be subject.
There is no applicable information in this jurisdiction.
There is no applicable information in this jurisdiction.
There is no applicable information in this jurisdiction.
The Crisis Playbook
Effective crisis management plans typically consist of two essential elements. The first is an overall crisis response protocol, which outlines a set of core principles, team member roles and responsibilities, and a clear structure for evaluating, escalating and responding to potential crises the organisation may face. The second is a set of sample scenarios – often the top five or six most likely to occur or most problematic/impactful issues – and specific guidelines for how to address them.
This type of framework is the foundation for effective crisis management efforts and is the central document around which the crisis team organises and, if necessary, executes in real time.
Key Components of a Crisis Strategy
The crisis management plan should also take into consideration how stakeholders are managed during a crisis, including:
Crisis Response Infrastructure
It is common and considered best practice to establish designated crisis committees or working groups, along with protocols and the necessary operational mechanisms to enable the committee to be notified, convene and implement those protocols in the event of a crisis.
From a communications perspective, this typically includes a rapid response system that identifies who needs to sign off on any internal or external communications, and an expedited process for obtaining said approvals that eliminates unnecessary delay. It is important to include representatives across relevant business functions and stakeholder groups in the working group. The right group of representatives will depend on the type of crisis but typically includes legal, PR and investor relations and may also include human resources, government relations, IT/data-security and others. Similarly, it is important to determine the core spokespeople and channels that will support each stakeholder group in delivering consistent messages, but tailored to specific audiences. Maintaining up-to-date contact lists of clients, shareholders, media and regulators also streamlines both communications efforts and crisis assessment, which could inform how the crisis response takes shape in real time. Lastly, many organisations will designate an Operations Room for severe crises that allows the core crisis team to work together in a focused and protected centralised location.
Considering an Outside View
Most companies will have some form of a crisis committee at the management level. At the board level, the responsibility for risk assessment and response typically lies with the audit committee, although some boards are establishing dedicated reputational risk committees.
At the management level, the crisis working group should contain both internal representatives of the organisation and independent perspectives from, for example, external legal and communications counsel – and it is recommended that leaders engage external resources early in the committee building process to ensure the group is well-rounded.
Representing Diversity of Thought
Because every crisis is different, an ideal crisis group will also have members from various parts of the organisation who have the expertise to handle the many different forms a crisis may take. Still, depending on the crisis, the group may need to add additional skills, voices or subject-matter experts to better navigate specific situations, and processes should be built that allow them to do so. Additional representatives from operations, compliance, security, human resources, government relations, finance, facilities management, information technology or investor relations should be identified in the event they are needed. Lastly, a physical location or alternative channels for electronic communications should be considered ahead of time.
Bringing a Team Together
Ultimately, the most important feature of a crisis committee is a willingness to work together; a group that is willing and able to take advantage of the many perspectives and skills at the table will be best equipped to adapt to whatever unpredictable challenges a crisis may bring. Additionally, ensuring the group can work smoothly together requires training. Crisis teams should build muscle memory by acting out crisis scenarios and/or conducting regular lessons and exercises.
Define Flexible Roles for a Unified Crisis Response Team
A strong crisis response team should consist of a diverse group of management members, senior leaders from the legal and communications teams and external legal and communications advisors. The roles of each member of the committee should be made clear so as to eliminate any confusion over responsibilities when a crisis strikes. However, that does not mean any member should operate independently. It is imperative that the group takes a holistic mindset and that every function, especially legal and communications, is completely integrated. Further, there should be no siloes between those who define the strategy and those who execute the plans, even if the team members responsible for execution are not part of the core crisis committee. Regular communication, simulation training and a cohesive overall approach ensure that all aspects of the crisis are addressed efficiently and effectively.
Effective Communication: The Cornerstone of Crisis Management
During a crisis, the team should meet regularly to identify new developments, correct inaccuracies, tailor messaging and plan for potential developments or new scenarios. Creating feedback loops is paramount, as continuous interaction and collaboration help maintain a unified and informed response, enabling the team to adapt swiftly to evolving circumstances and maintain a consistent and accurate narrative. To that point, communication among the crisis team and management should not be limited to moments of crisis. Tabletop exercises, red teaming or internal and external qualitative analyses should be done at least quarterly to help the group stay vigilant and prepared.
Maximising Success Through External Expertise
There are many external experts that can be invaluable to crisis prevention and management. For example, cybersecurity firms like Mandiant and Kroll are often brought in to help investigate and mitigate data breaches and cyber-attacks. Of course, there are also the more traditional experts like legal counsel and communications firms whose insights are required to effectively handle a crisis from a legal, regulatory and stakeholder perspective. Any advisors should be able to bring on specialists in specific issue areas such as digital reputation management, dark web monitoring or personnel security, which can prove critical in the event of these specific situations.
No One-Size-Fits-All Approach to Success
“Success” in the face of a crisis is not easily measured and looks different for every company. Still, some factors we might look at to evaluate a crisis response – and improve future planning – include the following.
Taking the time to assess these measures and identify missteps or oversights helps bolster crisis strategies for the future and safeguard any successes in the long term.
The Importance of a Strong Response Framework
How quickly a company can identify a crisis and its implications depends on how prepared they are. An organisation that has taken the time to build a strong foundation for monitoring, assessing and escalating emerging or crises issues will be able to respond to and mitigate them more rapidly than one that first has to define roles, identify resource gaps and create a strategy.
Many companies will develop an internal framework by which to identify and assess a crisis. Typically, this contains a group of questions or a checklist that aim to uncover:
The first step in any crisis situation would be to use these questions to understand the reach and impact of the situation. Once that has been decided, there should be yet another standard framework that dictates the escalation process and immediate next steps in terms of whom to involve, how to convene these resources and what to prioritise.
Building and Training on Crisis Plans
The most well-prepared companies have pre-set business continuity, cyber-incident and crisis communications response plans in place. These plans will outline guiding principles, clear step-by-step action plans and proposed messaging/materials that can then easily be implemented when a crisis strikes. So long as these plans are properly developed and trained on, they give crisis groups a head start and help guide them through the key decision-making processes required during a crisis.
Common elements of a crisis plan include:
Understanding Risk
Assessing risk starts with a vulnerability analysis, or an internal and external look at the issues that could impact an organisation’s constituents, reputation and/or normal course of business. Relevant risk factors include common crises such as natural disasters, cyber-issues or product outages or recalls, as well as any potential threats a management team has identified as part of its regular diligence. Regulatory changes or industry trends can also signal possible risk, as can perception studies that might reveal vulnerabilities to be aware of among an organisation’s stakeholders. Lastly, more organisations are realising that any number of reputational risks can impact their bottom line, licence to operate, ability to attract or retain talent or their competitive position.
Expect the Unexpected
At the same time, things that may seem outside the realm of possibility, but that would have highly problematic consequences, should also be considered. Monitoring crises impacting other organisations or playing out in other parts of the world should be part of this effort, even if they are not directly tied to the industry or business. Scenario planning should be conducted for events that are one, two or even three standard deviations from a “common” crisis to pressure test a company’s existing protocols and procedures.
Still, it is equally important for companies to remember that not everything is a crisis. Understanding what is not a crisis is as crucial as knowing what is, and is key to mitigating risk appropriately.
Simulations Create Smooth Real-Time Response
Companies should and often do use simulations, conducted across business levels and functions, to prepare for crises. These can take different forms, but should always be informed by risk analysis, tailored to specific areas of interest or need and designed to facilitate collaboration. Likewise, example scenarios will be case-by-case, but might include cyber and customer data issues, M&A leaks, public shareholder issues and shareholder activism issues, union and labour-related issues, DEI issues or any crisis that has come up within the business sector in the past.
Corporations: Integral Threads in the Fabric of Society
Additionally, today’s businesses are not isolated from broader social issues; they are expected to actively engage with and influence them. Therefore, it is crucial that they consider social and political scenarios in any simulation, such as how the business might respond if it were revealed that they are engaging with a divisive public figure and how they would handle hot-button social and political issues like DEI, climate change or political donations.
Employees are an Extension of the Crisis Team
Many organisations have started to leverage e-learning tools to extend crisis training or risk assessment protocols to the whole of the organisation. Typically, HR or compliance departments will mandate that these trainings be taken during onboarding or at a yearly cadence. This aligns with best practice, which is to ensure that all employees at all levels are aware of how to identify risk, how to assess it, the potential ramifications of their actions as they relate to potential crises, common policies that govern behaviour at work and interaction on public channels, and how to escalate situations that may arise in their course of work.
Empowering Employees Through Policy
Codes of conduct and policies on press, social media, cultural sensitivity, cybersecurity and more are all directly tied to how well equipped employees are to prevent and prepare for crises. Like with other traditional training courses, these policies and procedures can be mandated at an organisational level to ensure all employees are acting in a way that is commensurate with the overall crisis preparedness plan.
Sample Legal Challenges or Crisis Situations to Watch
The definition of a crisis will change from one organisation to the next, as will the relevant legal challenges. Some common issues that could stem from or result in litigation could include:
There are a number of different enforcement authorities and regulatory bodies at the federal and state level that represent potential legal liability to companies and management.
Considering State-Level Enforcement
In a legal and mass claims context, one trend in this market is an increased use of delegated authority by state attorneys general to private plaintiffs’ attorneys. As a result, there are more opportunities for state-level enforcement actions against companies.
Companies co-operate with authorities frequently, and as needed based on jurisdictional and industry requirements. Heavily regulated industries, for example, frequently work in close consultation and co-operation with the appropriate regulatory bodies before, during and following a crisis.
Legal Counsel’s Role in Reputation and Crisis
Whether internal or external, an experienced attorney can help evaluate liability, limit exposure and mitigate damage by crafting a robust legal strategy from the outset. Sometimes, this action alone can be sufficient to prevent a situation from escalating. In other cases, a full-blown crisis may not be avoidable. In that event, the legal team and communications advisors must be aligned. A legal strategy that takes into account how its actions will be perceived by key stakeholders and the public will provide the company with the best opportunity to identify and navigate the legal and reputational challenges a crisis might present.
Lawyers as Communicators: Why This Consideration Matters
Legal representatives should be part of the central crisis management team and work with senior leaders and communications advisors to help steer the company through every stage of the crisis. Lawyers are skilled communicators, and by partnering with communications teams, lawyers can help inform more balanced and educated reporting while also ensuring any public statements are compliant and do not generate additional legal risk. This should be one of the key criteria a legal team or outside counsel is evaluated on, in addition to their ability to respond rapidly to ever-changing crisis situations and their experience working in close partnership with the many other members of the crisis team on high-pressure situations.
There is no applicable information in this jurisdiction.
There is no applicable information in this jurisdiction.
Some insurance companies do offer policies for various types of crises. One of the most common is cybersecurity insurance.
Essential Steps for Reputation Recovery
Measuring the impact of a crisis on reputation is an important first step to rebuilding and protecting that image moving forward. A few ways to understand a crisis’s impact include undertaking field surveys or focus groups with key audiences, monitoring and analysing social media conversations or holding post-crisis interviews with stakeholders and media. The learnings from these exercises can then inform the development and execution of a targeted recovery plan.
See 2.5 Transparency Requirements and 2.6 Sectoral Requirements.
Co-Ordination is Non-Negotiable
Communication strategies are not one-size-fits-all; they must be tailored to the company, its usual methods of stakeholder engagement and the specific situation at hand, particularly its severity. However, co-ordination is non-negotiable, as it is essential for ensuring consistency. Legal and communications teams should own this co-ordination, working together to ensure that all messaging is appropriate for sharing and consistent across channels.
Take a Holistic Approach, Even Across Multiple Channels
In some cases, a single co-ordinated channel, such as a dedicated webpage for information about a product recall, may be the most effective means of disseminating a company's messages. In other situations, such as a settlement with a government enforcement agency, more targeted communications efforts may be required.
Each scenario will vary, but if a company has a clear understanding of who its stakeholders are, how it typically communicates with them and what their individual needs are in real-time, this will better enable it to execute a co-ordinated game plan effectively. Companies that fare poorly in crises are often those that adopt a siloed approach to communications, fail to put on a united front across different teams and/or say different things to various stakeholder groups.
While no two situations are the same, in crisis situations companies should plan to engage employees early and as often as possible, not only so that they are hearing from the organisation first, rather than reading about the company’s issues in the news, but also to make them ambassadors for the brand by helping them understand and articulate the organisation’s position. And if the right communications channels do not exist, the organisation should invent them.
Overall, the lines between internal and external communications continue to blur. Today, the external is internal and the internal is external – meaning none of the communications happening within either sphere should be considered in a vacuum.
The Hub and Spoke Model: How and Why to Use It
The hub and spoke model is one approach to engage multiple stakeholders in a consistent manner. This means establishing one central, decision-making group – the hub – to define communications plans and messaging, and then using smaller groups or individuals – the spokes – to execute the plan across relevant stakeholder groups. The spokes will have a deep understanding of the unique channels each stakeholder uses and how to adapt the approach to the audience’s needs, while the hub helps ensure messaging is consistent and accurate across every platform.
Direct Communication Minimises Negative Impacts
Investors and shareholders are a key stakeholder group to engage regularly during a crisis. Keeping investors informed of the situation at hand and the company’s plans to address it may be legally required (if material), and can also bolster investor confidence and minimise the negative business impacts of a crisis, particularly to the extent investors need guidance on the potential financial and regulatory impact of the crisis. To that end, companies should consider disclosure options, bespoke investor newsletters or posting statements to their investor relations webpage – or a microsite if one does not exist – to ensure shareholders are receiving consistent and accurate information directly from the company.
Trust is a Two-Way Street
To maintain customer trust during a crisis, companies should establish and utilise feedback loops. Without real-time feedback on how messages are being received or how the situation is evolving, it becomes challenging to address emerging concerns directly and worse, it may give the impression that the company is being evasive. From this perspective, leveraging social media platforms during a crisis is important both to take the temperature on consumer sentiment as well as to distribute messages to large consumer audiences. However, thinking beyond pre-established protocols and platforms in a crisis and allowing for flexibility in engaging customers is key, such as by publishing open letters from the CEO directly to customers, or deploying a specific consumer spokesperson on broadcast channels to address customer concerns.
Do Not Let a Company’s Response Become Its Own Crisis
Employees are an increasingly vocal source of support and criticism who tend to base their judgement more on the company’s response to a crisis than the nature of the crisis itself. With that in mind, it is wise for companies to prioritise communications to this group, ie, act quickly and be sure to reference the company’s mission, vision and values in employee communications. Assuring employees that the organisation is living the values its culture is built upon helps to maintain their confidence and morale.
The Unique Role Employees Play in a Crisis
It is also important for companies to remember that employees play a unique role in crisis communications themselves. When telling employees about the resolution, companies should make sure they understand the company’s decision-making as well as any limits on what they can or cannot say publicly. This is especially important for employees who deal with outside parties, and who may have the matter brought up in the course of their work. Companies should be careful to explain any constraints on what they can say about the matter, while still fostering a sense of teamwork and authenticity.
Do Not Make Unnecessary Changes
The most effective channels are the ones that are typically used. If a company breaks protocol in the course of trying to reach its stakeholders, this can often confuse or worsen the problem. Still, some circumstances like data breaches may require new or specific channels of communication that are outside the traditional scope. The key for companies is to be aware of any legal, regulatory or other requirements like this ahead of time and to build those into the response framework, so all communications are consistent, compliant and compelling.
The Aftermath: Learning From Crises
There are several ways to extract lessons from crises both in the immediate aftermath and on a continued basis. A post-mortem internally, where leaders provide a qualitative review of the situation, and externally, where an expert reviews and assess protocols and plans, should reveal successes and missteps. Then ongoing tabletops where leaders simulate crisis situations can help uncover operational inefficiencies or gaps that may not have been relevant during the most recent crisis but that could come up in the future. The lessons from these types of exercises will become the foundation for a new and improved crisis management plan and should all be actioned into clear improvements to processes and protocols. Crisis management is a cycle: companies should prepare, respond, recover, assess, and then prepare again. Only by learning and iterating is it possible for companies to stay ahead.
Policies Demonstrate a Commitment to Change
As the company begins to move forward, it is crucial for board members, management and external advisors to engage in blame-free discussions about what worked well and what could be improved or changed or newly implemented for future crises. Additionally, they should review feedback from employees and the public, as well as their existing policies, marketing content, partnerships and other regular business engagements through the lens of the crisis to get a fuller picture. These insights should be used not only to update procedures and playbooks for future crises, but also to create new or revised policies that demonstrate a commitment to learning and change. Doing so can achieve two significant outcomes: positioning the company better for future challenges and strengthening relationships in the aftermath of the crisis.
Turn to the Experts
While adhering to industry standards and best practices, such as ISO certification, is important, it is also crucial for companies to work with experts who are up to date on evolving policies and practices. Collaborating with dedicated crisis management consultants who have a keen understanding of the latest trends and industry standards will give a company the best chance of being effective in crisis prevention and preparedness. Additionally, companies should consider ongoing training for their crisis team or entire employee base to ensure they remain current with best practices as they evolve. This proactive approach not only helps in preventing future crises but also ensures that the organisation is always prepared to respond effectively.
909 Third Avenue, 32nd Floor
New York, NY 10022
USA
+1 212 687 8080
inquiries-us@fgsglobal.com www.fgsglobal.comIntroduction
In 2025 in the United States, the only certainty is uncertainty – and the need to manage it.
At their core, crises are defined by (i) the total impact they could have on an organisation’s reputation, credibility, shareholder value, future ability to operate, and financial performance, and (ii) whether they necessitate a rapid, but effective, response.
While not every crisis can be avoided, the good news is nearly all can be anticipated and prepared for with a comprehensive and sober look at the business, its footprint, and the landscape, expectations, and risk framework within which the organisation operates.
This section outlines some of the leading US trends that will impact crisis management in the current dynamic and unpredictable environment. The focus here is on stakeholder engagement and reputation defence, as opposed to organisational management or business continuity, and on how best to prepare for and manage an uncertain future.
Leading US Crisis Management Trends and Developments
Several key trends are influencing what companies must consider as they operate a business, engage with key audiences, and manage issues and crises in 2025.
A shifted and divided information landscape
Effective crisis management today is even more complicated due to unprecedented media fragmentation and a dwindling reliance on what used to be commonly shared sources of information. In October 2024, a Gallup poll revealed that more Americans have “no trust” in the media (36%) than have a “great deal” or “fair amount” of trust (32%). Instead, according to Pew Research Center, over half of American adults get some news from social media, a trend that continues to rise. With traditional media outlets losing not only trust but also readership and viewership, companies and organisations must now be vigilant about ensuring (or, where necessary, creating) accurate sources of truth that reach all their key stakeholder audiences – either by actively monitoring for and correcting misinformation or incomplete information on widely viewed platforms, or by building and maintaining their own platforms and communications channels. This also may require engaging with outlets not previously considered of importance to the organisation.
Further, following the latest US presidential election, organisations with litigation, investigative or regulatory matters before the federal government need new approaches to reach and influence the new administration. Simply placing stories in the mainstream news media will no longer suffice. Many in the President’s evolving and often unorthodox circle of advisors, along with a growing share of any given organisations’ stakeholders, do not get their news from The Wall Street Journal, Good Morning America or even Fox News. As demonstrated in the most recent election, they consume from an entirely different set of information funnels, including podcasts run by former professional wrestlers and right-wing social media platforms. In this fast-evolving environment, a company that wants to persuade the new administration to terminate a government enforcement action or argue for or against a mission-critical policy change must seed its themes in the new “newsfluencer” ecosystem.
An unpredictable new administration
Prior experience with a Trump Administration unfortunately offers limited assurance of what to count on in the Trump 2.0 era, other than ongoing political divisiveness. While the President’s key priorities have been repeated throughout the 2024 campaign and early days of the administration, the details of the government’s legal and policy moves, or how they will be prioritised or executed, are uncertain. Maximalist rhetoric from the White House and its allies can make it hard to differentiate bona fide proposals and initiatives from opening negotiation positions.
For example, near-term competition policy, including government challenges to M&A deals and other allegedly anti-competitive conduct, is yet to be defined. While no dramatic departure from the Biden Administration’s robust challenges to M&A activity and antitrust enforcement is expected, the Trump Administration is expected to be more transactional and less predictable, including with respect to the sectors of focus or what business countermeasures might effectively mitigate scrutiny. Similar questions surround where exactly the chips may fall on issues like trade and tariffs, tech regulation, tax policy, labour relations and government contracting. Navigating this terrain – and avoiding the associated reputational land mines – will require careful thought, risk analysis, and preparatory scenario planning, along with early relationship development and coalition building.
Protectionism and economic nationalism
One theme that is predicted to resonate throughout the new administration is a prioritisation of American economic interests against perceived threats from foreign adversaries and influences. Protection and growth of American jobs, domestic manufacturing and exports, and US energy and mineral production, as well as the guarding of national territorial, economic and data security, have been announced as priorities. This is likely to influence policy and enforcement related to such areas as international trade, foreign direct investment and ownership, M&A and joint ventures with foreign partners, and immigrant labour matters.
To avoid negative attention or other consequences on these fronts, organisations will need to fully assess their supply and distribution chains as part of any reputational risk assessment. They will need to examine and tread carefully regarding any existing or planned relationships with states that may be deemed a national security threat like China, or even with historically friendly nations in Latin America or Europe who have or may come under government scrutiny for allegedly impeding American interests on trade, immigration or other topics. And they will need to contingency plan for potential economic retaliation from countries and markets threatened or adversely impacted by US policy.
A surge in complex litigation and investigations
Everyone is under investigation, it seems, and litigation is rampant in this market. There continues to be a rise in government investigations across every corner of the regulatory landscape and a notable increase in complex commercial disputes. Companies are preparing for this litigation and investigative onslaught by expanding legal budgets – including to finance communications and reputation-defence activities surrounding and supporting legal events. They understand these matters require specialised communications advisors who are well-versed in the underlying law and procedure, and they often are arming themselves with this expertise well before a crisis hits.
In one emerging trend, lawsuit financing by private equity firms and other asset managers, and even by law firms themselves, is transforming the market, pumping billions of dollars into litigation activity and driving up the volume. This further fuels growth in litigation, as more parties have access to capital that allows them to file patent, antitrust and other competitor versus competitor lawsuits. Another implication is litigation financing to fund mass torts against companies or even entire industries, as well as responsive legislative and advocacy efforts to restrict such financing. The upshot is more money coursing through the legal system, enabling more lawsuits to be brought and maintained to and through trial and increasing the odds that any given organisation can become caught up in high-stakes, high-profile and longer-term litigation.
Backlash against diversity, equity and inclusion (DEI)
Following the US Supreme Court’s decision to end affirmative action in higher education, and in response to demands by activist shareholders, there has been a wave of actual or threatened litigation, investigations and enforcement, along with other pressure campaigns, taking aim against diversity, equity and inclusion (DEI) initiatives in the workplace and elsewhere. And that was before the Trump Administration moved to declare DEI effectively illegal across all of American society. Several companies and other organisations have settled lawsuits or made changes to their DEI policies and programmes, including dropping, narrowing or rebranding them, to reduce litigation exposure and reputational risk related to “reverse discrimination” charges from the administration or activists.
It is expected that these challenges to DEI programmes will continue, with many companies, educational institutions and non-profits left uncertain about next steps and whether their programmes comply with the law. It is no overstatement to say the controversy over DEI is transforming US business culture and practice. How organisations respond to the competing views and demands of employees, customers, investors, government officials, activists and the general public, while attempting to implement (or modify) their stated values and commitments regarding diversity and inclusion, is a complex challenge that will continue to have a huge impact on legal vulnerability as well as reputational standing and trust among stakeholders.
Cybersecurity and AI-driven risk
Today, every company is a data company. Businesses’ and organisations’ executives and boards remain increasingly concerned about the continually evolving nature of cybersecurity risk and the threat of “digital crises” in general. When a cybersecurity incident occurs, the method of attack, threat actor and ultimate scope are entirely unpredictable, making cybersecurity a particularly costly and inconvenient threat facing enterprises of all kinds. Moreover, between tightening national and international requirements for disclosure of cyber-incidents and increasing interest from mainstream media outlets, particularly in those incidents that affect large, well-known companies and brands, navigating cyber crises continues to be a complex, high-stakes event. Preparing for and anticipating the risk of a potential cybersecurity incident is thus critical to maintaining not only business continuity, but also trust and credibility among a company’s most important audiences.
Supercharging this area is the growing introduction of generative AI, which complicates the picture, but can ultimately present an opportunity to better manage a highly complex landscape. The use of generative AI by threat actors to produce sophisticated, realistic audio/visual deepfake content poses a new and distinct level of risk, and the tactic has already been deployed in attacks against several major businesses. The increasing scale of attacks and the emergence of new threat actors are making it increasingly difficult to predict future behaviour. On the other hand, companies and their information security teams are also harnessing the benefits of AI-enabled threat detection and response to better protect their organisations and data. These processes can include AI tools to measure public sentiment regarding an attack and leveraging these insights to inform the organisation’s communications response to a cybersecurity crisis.
Managing Crises and Reputational Risk in Today’s Environment
As has been seen, reputational and operational risks are everywhere, emerging from disruptive and ever-shifting politics, public policy and economic conditions, as well as growing anxiety around contentious issues like geopolitics, immigration, war, and diversity and inclusion. We are living in a polarised society where trust has eroded in government, media and other social institutions that previously have been among the most respected and influential – even revered. Companies are increasingly being called on to speak to – or even to lead on – issues and events that may or may not directly impact them or their operations, but could affect their stakeholders, whether they want to or not. This is all in addition to the traditional operational incidents; health, safety, environmental, customer relations or labour issues; litigation; government investigations; regulatory actions; or business conflicts that have the potential to knock an organisation off course.
Crises come in all shapes and sizes and can stem from any one or a combination of these factors.
Whether public or private, companies and other organisations are entrenched in the fabric of society. Each of their decisions and actions will affect the people who invest in, buy from, work for, are served by, or essentially license their operations – in other words, nearly everyone. When an incident happens or an issue arises, all of these stakeholders look to the organisation for the “right” response. They want prompt reassurance that the organisation recognises the issue, is truthful, is competently managing it, and will solve the problem. They also want to know that the brand they patronise shares their values. The conclusions that stakeholders draw from an organisation’s response to a crisis will directly impact the organisation’s reputation, oftentimes even more so than the nature or details of the crisis itself.
In this time of uncertainty and polarisation, the best defences are preparation and co-ordination. Some types of crises are foreseeable, based on the nature of an organisation’s operations and where and how they operate, even if the likelihood may be low or the timing unclear. Others are a true surprise – or a “black swan” event. The key for organisations is not to try to predict the future with specificity, but to prepare by considering in a systematic way all relevant factors, variables and potential scenarios. It is also important for companies and organisations to recognise when a matter appears to be a crisis but, in fact, is not a crisis. In this instance it is important not to “pour fuel on one’s own fire” and over-respond when a situation feels dire, ultimately, and inadvertently, causing more harm than good.
Given the numerous evolving factors that must be considered when determining a crisis response strategy, it is important for organisations to prepare detailed communications plans for responding to crises, and then to test and update the plans as needed. The importance of this kind of advance work cannot be stressed enough – developing the internal infrastructure and external relationships that may be needed in a crisis, creating the plans and protocols to deploy if one hits, running simulations at all levels of the organisation to practice and build that necessary muscle memory, and clearly communicating relevant values and policies before a crisis begins so they are well-known to stakeholders in advance and not being explained amid negative attention. A live crisis response should not start with a blank sheet of paper.
Whatever the nature of the crisis, effective management requires a careful balance between protecting the organisation from legal exposure and preserving the organisation’s reputation through transparency, co-operation, remediation, and an authentic reiteration of core values. Because these objectives sometimes can conflict, legal and communications advisors are often – and with good reason – at the centre of a crisis response and must act in close co-ordination. While senior leaders and subject-matter experts are always indispensable, the legal-communications partnership must remain the keystone of crisis management, supporting and connecting all other components of the effort and largely determining whether the response will be successful.
Thus, the ideal for crisis preparation or response is a tightly aligned legal and communications strategy led by a team of experts from each area who know how to execute together. This is the key to advancing legal objectives and preserving reputation in tandem, while avoiding new risk.
Some best practices for an effective legal-communications crisis management partnership include the following.
There is no silver bullet to stopping a crisis quickly or with no damage, and crises often arise from surprising sources or unfold in unexpected ways. But with careful, thorough preparation and a disciplined, integrated legal-communications partnership approach, an organisation can cut down on the angles of uncertainty and mitigate the impact an issue or incident will have on reputation, stakeholder relationships, and continuing operations, all while protecting the organisation’s legal position.
909 Third Avenue, 32nd Floor
New York, NY 10022
USA
+1 212 687 8080
inquiries-us@fgsglobal.com www.fgsglobal.com