The opinions of contributing entrepreneurs are their own. </p><div>
Key Takeaways
- You can turn disasters into successes if you approach them with innovation, care and honesty.
- First, you need to move from feeling guilty to understanding what the cause of the problem actually is. Then turn that insight into action.
- Finally, don’t try to recover from the crisis alone. You should also strive to build an antifragile organization that can emerge stronger after a major challenge.
On June 27, 2017, the NotPetya malware caused massive problems for Maersk, the world’s largest shipping company, handling 20% of global trade. After just a few minutes, 76 ports and 900 ships were frozen. The destruction was massive, as 4,000 servers, 45,000 PCs and 2,500 applications were severely damaged and required significant work to restore to their former glory. The estimated cost of the damage is estimated at approximately $300 million.
Maersk showed strong resilience and within a few weeks their share price rose and they renewed customer loyalty. Today, this story of resilience has grown into one Case study from Harvard Business School. It offers masterclass lessons on how to turn turbulence into a success story. All leaders can learn from this. If you tackle disasters with innovation, care and honesty, you can make it a success.
Related: My Business Was the Target of a Cyberattack, and Yours Could Be Too
Phase 1: The strategic post-mortem – from guilt to insight
Typically, many companies will panic and then look for a scapegoat when faced with a crisis. Maersk chose to realize that the cause of the problem was not just a virus. The leaders accepted that they were average when it came to the way they handled cybersecurity.
The company also accepted that what happened may have been due to an internal cultural problem that needed to be resolved. While malware was a cause of problems, they also understood that their culture played a role, as security was seen as something that IT had to deal with and not a core business.
They performed an autopsy of the business process and identified what was critical. The autopsy helps a company identify what is working, what is not working and which processes can be removed from internal business practices.
Today, the public generally understands that companies will face data complications at some point. They will respect a company that proactively wants to improve its defense systems.
Related: So You’ve Been Hacked. Here are the best practices for business leaders after the hack
Phase 2: The strategic pivot – transforming insight into action
This is the time when you turn defense into attack and develop core advantages. After what happened, Maersk took drastic measures. It expanded its security team from 28 to 150 people. The safety culture and the long-standing safety culture were made a shared responsibility within the company. Their CISO, Andy Powell, said, “Security becomes part of the everyday culture. Whatever you do, you think about security, you think about cyber.”
You can purposefully modernize the technology stack. After the crisis, you may have enough power to urge the company to invest in defense and improve defense. Maersk used multi-factor authentication systems, upgraded its operating system and created geographically redundant backups. They adopted systems like NIST, which can stop so-called “extinction events.” Such investments should not be presented as something that is optional and expensive, but as something that will yield great benefits in the long term.
Maersk managed to strengthen customer trust and communication by turning defeat into a competitive advantage. Rather than trying to soften it, they were very transparent and quickly informed customers about what was happening on the journey to recovery. Instead of telling customers, “we’ve let you down,” they adopted a “we’re being tested, and we’re in this together” attitude.
Phase 3: Operationalizing resilience – building the ‘antifragile’ organization
After a data disaster, your goal should not only be recovery, but also aim to build an ‘antifragile’ organization that can emerge stronger from the situation after a major challenge. An important step is to ensure that you fully internalize the lessons. When Maersk had to take action, it didn’t just solve the problem. Instead, it integrated a new security system into its future planning. Responsibility has been added to all teams.
Resilience should not just be something you pursue or use in a one-off project. You should conduct regular exercises within your teams to be prepared for a possible crisis. By doing the exercises, the mind and muscle memory of the staff will also be ready to spring into action if a disaster strikes.
Your backup plans and data should be tested regularly. Communication plans should be updated regularly, and response team action plans should be reviewed and updated regularly. Resilience and plans to achieve this must be continually refined as IT is a rapidly evolving field.
Related: 4 Steps to Follow to Get Through Any Crisis With Your Business Intact
Through its legendary handling of a crisis, Maersk proved that developing good technology is not only crucial for overcoming a disaster. It went from being a victim to emerging from the disaster as a stronger industry leader, thanks to good on-the-ground planning and strategic improvisation.
Instead of seeing a crisis as a problem, think: “how can we come out of this as a stronger brand and company and use it to increase customer loyalty?”