Ready for the Next Corporate Disaster?

Recent history has given human resources a primer on how to make a bad situation worse as well as how to recover quickly when disaster strikes.

In 1979, the nuclear power plant on Three Mile Island near Middletown, Pennsylvania, came close to exploding. The event started when a control valve became stuck open, allowing dangerous coolant to escape while a light on the system’s control panel indicated the valve as closed.

As a result, the operators didn’t correctly diagnose the problem for several hours. Metropolitan Edison, the company managing the plant, therefore gave out incomplete and inaccurate information to Pennsylvania’s governor, who informed the surrounding citizens that the area was generally safe.

In fact, a significant amount of radioactive gases and radioactive iodine had leaked to the environment, making it very much unsafe. When the truth emerged, the incident changed people’s attitudes toward nuclear power for decades.

In 1982, a number of bottles of Tylenol were laced with cyanide, causing several deaths in the Chicago area. When investigators determined the cause, Johnson & Johnson, the makers of Tylenol, immediately recalled about 31 million bottles with a retail value of $100 million.

The company also offered to exchange all Tylenol capsules already purchased by the public with solid tablets. Tylenol’s market share dropped from 35 percent to 8 percent almost overnight. Yet within a couple of years, because of J&J’s quick and thorough action and follow-up communications, Tylenol became the most popular over-the-counter analgesic in the United States.

Then, in 1994, computer maker Intel’s Pentium system had a floating-point flaw. But Intel claimed it wasn’t serious and would not affect most users. Eventually, because of public pressure, Intel offered to replace processors only to those users who could prove that they were affected.

On Jan. 17, 1995, Intel announced a pre-tax charge of $475 million against earnings, seemingly the total cost associated with the flawed processor replacements.

Finally, in July of this year, Katherine Archuleta, director of the U.S. Office of Personnel Management, was forced to resign. This was driven by the fact that starting in late 2014 more than 25 million employee records were hacked, with the problem still unsolved. Archuleta had been director of OPM since November 2013. This was another case where management’s response to a disaster was ineffective.

These examples point to a lesson: When faced with a major problem with public implications, management must respond quickly and openly. Delays only allow the situation to worsen and public relations to suffer. 

How would you react, for instance, if hackers gained access to your employee database? This has happened to some corporations. It most likely will happen again. I presume your system has built-in defenses. Have you engaged an outside group of experts to try to break in? Do you have a disaster recovery plan in place if someone does get through? Have you tested it by engaging an outside firm to attempt to hack your system?

If you only run in-house checks, you are fooling yourself. You don’t know  malicious outsiders’ motivations, which can help them find ways past your firewalls that your systems experts would not have thought workable.

How would you handle the accidental death of one or more employees? This could occur by accident or by malicious acts of outsiders. What are you prepared to do if an employee is killed by an internal accident? It could be as simple as falling down a flight of stairs. It could be coming home from a company party where alcohol was served.

How about planned attacks? In your wildest imagination, what type of person or persons would want to do your company and your people harm? The most obvious one would be an ex-employee. There have been well-publicized cases within the past year where angry people with real or imagined grievances have attacked executives as well as rank-and-file personnel.

You have a legal department and outside counsel to protect you from lawsuits. What do you have to protect your organization from physical and criminal acts?

 The world has become a very dangerous place. Be prepared. Be honest if it happens. Be correct with what you say, and respond as rapidly as possible.