How to Manage Your Small Business Through a Crisis

What is crisis management?

Crisis management is how a business or organization identifies events that threaten its operations, brand reputation or financial stability and deals with them.

The immediate objective of crisis management is to limit the impact of disruptive events while working to restore standard business functions as swiftly as possible. Over the longer term, effective crisis management safeguards stakeholder interests (particularly those of customers, employees and investors), preserves organizational stability and protects brand reputation from lasting harm.

How to manage a crisis in your business

To minimize the damage a crisis can do to your business, take the following four steps.

1. Prepare a crisis management plan.

Dimitry Petrov, founder and CEO of Stellar Strategic Communications, stresses that every company should have a crisis management plan ready to deploy at a moment’s notice.

The plan you formulate should be entrenched in the company’s philosophy and ideology so that the proposed remedy does not diverge from the company’s vision, add to the severity of the crisis and potentially affect the performance of your business post-crisis.

It’s important to have a team ready as well as a plan too, Petrov advises. He told us, “You should set up a crisis management team [CMT] composed of the most senior and experienced individuals within the organization. When a crisis strikes, they should be ready to act straight away, assuming full responsibility for the situation and taking decisive control.” [Related article: Business Decision-Making: Gut Instinct or Hard Data?]

2. Assess the situation and be straight with your staff.

Petrov told us that when you first become aware of a crisis, investigating its causes is key. He states that “a fact-based approach is essential to accurately assess the situation. [Firms should] avoid hasty, emotional decisions when crafting their initial key message or statement.”

You need to maintain your composure during a crisis. The first part of your plan should be to launch an internal investigation into the crisis’s cause. Once you’ve recognized and defined the problem, you are halfway to solving it. 

The next step is focusing on your staff before any other stakeholder group. Petrov recommends that firms should “resist the urge to immediately engage with external audiences. Adopting a “people first” approach is crucial, as your team is your most valuable asset. 

“Even if the media pressures you for a response, ensure that your employees are informed with the facts and the status before speaking externally. This approach fosters trust and transparency within the organization, which is essential during and after a crisis.” [Related article: 6 Effective Strategies for Communication in a Crisis]

3. Be honest with the public, the media, investors and other stakeholders.

While employees remain your first priority, transparent communication with media and public audiences cannot be delayed. Deliver comprehensive briefings that clearly explain the situation, current status and response measures. Communicate using straightforward, accessible language free from industry jargon in all external messaging to media, investors and stakeholders.

After acknowledging the problem, you must brief the public honestly and sympathize with the aggrieved parties by demonstrating superior customer service as you request their support.

Maintaining honesty is key here as concealing even the most minor factual evidence could be catastrophic. The truth will likely be revealed later on, worsening the situation and reducing customer and investor trust and confidence if the initial messaging is wrong or inaccurate.

4. Adapt, improvise and overcome.

While having an established framework is essential, expect to make real-time adjustments based on the unique circumstances of each crisis. During plan refinement, foster open dialogue among team members. Different perspectives and constructive disagreement strengthen your response strategy for evolving situations.

Be prepared to adapt and improvise when things are not going according to plan as well. Petrov advises, “Establish a clear decision-making process, with the CMT chairperson — typically a business leader — serving as the ultimate decision-maker. This ensures a swift and effective response, which may require deviations from standard business procedures.”

For smaller businesses and startups, Petrov suggests considering external support: “In some instances, it may be beneficial to collaborate with a third-party partner to handle crises or to prepare your organization for potential challenges. My recommendation is to identify and engage the right partner before a crisis arises.”

Petrov states that by following these four strategies, you’ll navigate your SMB through a crisis much more effectively. He told us that the key is to be proactive rather than reactive using your base plan as a foundation for any challenges you face.

10 types of crises businesses face

Now, let’s look at the 10 main types of crises a business might face together with specific advice on how you can manage them.

1. Crisis of malevolence

A crisis of malevolence occurs when external parties deliberately attempt to inflict damage on a business or organization. These bad actors may include cybercriminals, disgruntled former employees, individuals with personal grievances or even competing businesses. Such attacks can range from corporate espionage to deliberate product contamination.

Examples of crises of malevolence include:

• The placing of a “spy” within a business by a competitor to gain access to trade secrets.
• The disruption of business operations by a competitor, such as Uber’s mass booking and cancellation of rides on the Lyft app.
• The deliberate contamination of products, such as the lacing of Tylenol capsules with cyanide in 1982.

Data breaches can devastate a company’s reputation and frequently result in substantial legal penalties and financial settlements. Notable cases include T-Mobile’s $350 million settlement for a breach affecting over 76 million individuals and Capital One’s $190 million payment for compromising personal data of 100 million customers.

2. Data breach crisis

Data breaches often occur as the result of a cyberattack, which results in unauthorized access to and/or the loss of a business’s sensitive or confidential information. This can include your customer data and vital intellectual property. [Related article: What Is Intellectual Property Insurance?]

In many attacks, hackers succeed by installing ransomware on an information technology (IT) network. They threaten to wipe company data if you don’t pay them money. Although many data breaches are the result of external hackers, disgruntled employees or contractors may also be behind an attack.

Data breaches can severely damage a business’s reputation and often lead to legal and financial prosecution. Examples include T-Mobile’s $350 million settlement for a data breach involving more than 76 million people and Capital One’s $190 million payout for exposing personal information of 100 million customers.

To reduce the risk of a data breach, companies should run a cybersecurity risk assessment to determine potential areas of weakness in their network defenses against different types of cyberattacks. Audits should be run periodically to determine that safety protocols are being followed and that your cybersecurity plan is updated regularly to address emerging threats.

3. Financial crises

Businesses can suffer financial crises when they don’t have enough money to meet their operational costs. This can lead to insolvency, suppliers refusing to advance credit they need to trade and a loss of confidence in a company’s ability to provide service to customers.

Headline examples of financial crises include the crash of Lehman Brothers in the Great Recession of 2008, problems airlines suffered during the COVID-19 pandemic because of the lack of passengers and the debt that led to General Motors’ 2009 bankruptcy and restructuring.

Thankfully, financial crises affecting SMBs rarely hit the headlines. However, they are real and urgent situations that demand action. Companies can reduce their fixed costs like payroll and rent, ask suppliers for extended payment terms and borrow money to cover cash flow shortfalls. Another option is to look for investors that specialize in dealing with distressed companies.

4. Labor crisis

A labor crisis occurs when a fallout occurs between a business and its employees. This can often result in mass resignations, strikes and working to rule (when employees perform their duties as dictated in their contract only, refusing any additional tasks or overtime). If a labor crisis goes on for a prolonged period of time, it can disrupt business operations and damage the company’s reputation.

Most small businesses aren’t unionized so they don’t have the mechanisms that larger businesses have to resolve issues like collective bargaining. If you feel like relations between you and your staff are problematic, the key is for both sides to engage in open and honest dialogue. Start from a place of good faith and be willing to compromise on certain issues to reach a wider agreement. When the situation is resolved, investigate why it flared up in the first place and put in procedures to stop it from happening again.

5. Natural disaster crisis

Businesses can be severely disrupted by natural disasters like earthquakes, hurricanes, floods and wildfires. As well as endangering the health and safety of employees, they can knock out utilities, disrupt supply chains and cause damage to physical infrastructure like buildings, roads and communication networks.

Preparing and recovering from these types of incidents is challenging because they often occur with no warning and the level of damage inflicted by one event can be different from another. To protect your staff and customers, you should establish a system that allows you to find out about an imminent disaster as quickly as possible and put in place evacuation procedures to keep people safe. 

For business continuity and disaster preparedness purposes, consider the types of incidents that are most likely to occur and build recovery strategies around that. 

6. Organizational crises

Leadership misconduct, internal power struggles and critical strategic missteps represent organizational crises that can jeopardize a company’s survival. These situations can devastate employee morale, disrupt profitable operations and undermine confidence among both staff and customers.

Within SMBs, organizational crises commonly stem from ownership transitions, partnership disputes, rapid expansion that overwhelms existing systems and personnel, unsuccessful product launches and loss of key personnel.

To manage these issues, SMBs need to:

• Communicate with their staff and customers
• Create a positive company culture
• Be more transparent and inclusive in decision-making

You may need to invest in new systems and staff to make growth across the business more manageable to prevent burnout and maintain quality. In situations like these, leaders can also benefit from working with outside advisors or mentors to help them make decisions and stop similar crises from occurring again in the future.

7. Product recall crisis

During a recall, companies withdraw products from distribution due to health risks, manufacturing defects or safety concerns. The direct financial impact from recalls can be substantial. Additionally, businesses face potential lawsuits if consumers suffer harm from the product, while their brand reputation may suffer lasting damage.

Food products frequently face recalls due to contamination or production quality failures. In recent years, numerous electric scooters and hoverboards were recalled after battery fires occurred in consumers’ homes, highlighting safety risks in emerging product categories.

Successfully managing a product recall requires rapid response and transparent customer communication. Provide affected consumers with full refunds or replacement products to preserve trust. Simultaneously, launch a comprehensive investigation into the failure’s cause and implement corrective measures to prevent future incidents.

8. Reputation crisis

Reputational crises occur when companies are subject to negative publicity like scandals or actions that seem to go against their stated values. For companies targeting Gen Zers and millennials, who place importance on company ethics and behavior, a reputational crisis can damage the value of their brand, erode customer trust and hurt revenues. 

Examples of this type of crisis include the 2010 BP Deepwater Horizon oil spill which undid much of the company’s work to portray themselves as environmentally progressive. Facebook’s reputation also took a hit over the Cambridge Analytica scandal when private data was used without their users’ consent.

The types of reputation crises most likely to impact SMBs are community disputes and negative press or consumer reviews. In the case of a dispute, companies should prioritize building relationships with local community leaders and political representatives. With negative feedback, staff should respond professionally to it and look for opportunities to address criticism positively in local publications and on social media. Handled in the right way, reputational crises can become an opportunity to demonstrate accountability and improve customer relations.

9. Technological crisis

Technological crises occur when companies experience cyberattacks, system outages or software malfunctions that can paralyze operations for extended periods.

Examples of technological crises include:

• A faulty CrowdStrike security software update in July 2024 that crashed 8.5 million Windows devices globally.
• Facebook, Instagram and WhatsApp went down for several hours in 2021, affecting users worldwide.
• In 2012, the computers at the Royal Bank of Scotland received a software upgrade which caused its batch processing system to fail. This stopped people from accessing their accounts, withdrawing money or being able to make payments.

Sometimes, an outage is out of a business’s control but they can take actions to mitigate their effect. They can secure their systems, regularly sweep for viruses and keep their software up to date. Having a cybersecurity disaster recovery plan can also speed up the time it takes to get back to normal. Consider purchasing cyber insurance to offset financial losses from technology failures. [Related article: Understanding Data Breach vs. Cyber Liability Insurance]

10. Workplace violence

Two million Americans are victims of “nonfatal” violence at work, leading to around 1,000 homicides, according to the Department of Justice. This intimidation and harassment can come from coworkers or members of the public. Violence doesn’t always have to be physical either ─ many times it can be verbal abuse. Exposure to violence in the workplace negatively impacts the safety, morale and productivity of your employees.

This is a difficult issue for employers to deal with but it’s vital to tackle it right away. That’s because if it continues, there is an escalating probability that you could face litigation and damage to your reputation.

Start by carrying out risk assessments to determine the level of danger your employees are exposed to and then put in place the necessary safety measures for their protection. You can also train employees on warning signs and what to do when they’re presented with a potentially violent situation. For employees that have experienced violence, you need a clear reporting system so that they can inform management as well as access to support.

6 examples of businesses responding to crises

Major corporations are not immune to the negative publicity that a crisis can create, but when a company acts quickly, keeps communication open and accepts accountability, the impact is often mitigated. Consider the following examples of how major companies handled crises and learn from their successes and mistakes. 

1. Ticketmaster

For “The Eras Tour,” Taylor Swift appointed Ticketmaster to manage the sale of tickets for her concert tour. More than 3.5 million fans preregistered for tickets on the site. At the same time, bots flooded the site and crowded out fans who couldn’t go on to book a seat. Tickets seized by the bots later went on sale on other websites at inflated prices. Even fans who got tickets were unhappy with what they considered high processing fees charged by Ticketmaster.

2. Toyota

Toyota suffered exorbitant financial damage between 2009 and 2011 following the release of vehicles with sticky accelerators that claimed the lives of innocent people. The company was slow to react and recall its faulty vehicles, incurring losses and damage to the brand’s reputation.

3. PepsiCo

PepsiCo faced a “syringe crisis” in 1992, with claims that cans of Diet Pepsi contained syringes contaminating the contents inside. Pepsi fixed the situation quickly, arresting the individual at fault and publicly apologizing for its mistake. As such, there was minimal effect on the Pepsi brand. 

4. Exxon

In 1989, an Exxon-operated oil tanker struck off the coast of Alaska and dumped millions of gallons of crude oil into the sea. In addition to receiving bad press, Exxon worsened the situation by not acknowledging its fault and being slow to address the situation publicly. The unwillingness to cooperate, combined with a slow communication channel, damaged the company’s reputation, leading it to be labeled as an environmentally unfriendly enterprise.

5. Anthem Blue Cross Blue Shield

In 2015, Anthem Blue Cross Blue Shield reported that it had discovered a security breach that compromised its customers’ information, including member names, health identification numbers, birth dates, addresses and income data. This incident affected more than 78 million people, but it could have been worse. Anthem Blue Cross Blue Shield acted quickly and was transparent about what happened as well as offered the affected customers immediate options for identity repair assistance, credit monitoring and identity theft insurance. 

6. Abbott Nutrition

After contamination concerns in early 2022, Abbott recalled some of its products, including baby formula. The company shut down its manufacturing plants to improve the facility. Months later, parents could not get baby formula because of production and supply chain issues. The Abbott Nutrition plant addressed its issues and reopened in June 2022. 

The upshot? Take action as soon as possible to rectify any crisis affecting your business. It may be in everyone’s best interest for your company to remain in business, even if it takes some time to fix the issues.

Nabeel Ahmad and Kimberlee Leonard contributed to this article. Source interviews were conducted for a previous version of this article.