How often have you heard a colleague say, “There’s a crisis in the office,” only for you to find out it was just a temporary internet connectivity issue? In everyday business, small incidents can occur at any time and are unavoidable. And when such incidents occur, companies have to act swiftly to assess and respond to the situation. Failure to manage small incidents could turn them into crises.
The words ‘incident’ and ‘crisis’ are used interchangeably often, but they are as different as dusk and dawn.
How does an incident differ from a crisis?
The difference between an incident and a crisis is hard to understand. That is the reason why organizations must clearly define which events should be considered incidents or crises. It helps to solve them with clear resolution strategies.
What is an incident?
An incident is a situation that is on a small scale initially and could lead to a crisis that might result in loss or disruption of business. Incidents disturb the everyday operations and business processes – power failure, slow WiFi connectivity, a computer crash, a jammed printer, a website crash, and other such situations. Incidents are typically on a smaller scale and can be managed tactically with quick actions. These could be pre-prepared.
What is a crisis?
A crisis is a situation that is bigger and more serious compared to an incident. A crisis can pose higher uncertainty and disturb critical activities. It could arise from incidents that are left unresolved or not resolved properly. Crises are typically more massive and require severe and strategic intervention – a serious cyber-attack and data breach, theft of business assets, financial scams, or other such happenings that can put a company’s stability at risk. A crisis, most often, requires urgent and strategic action.
Incidents can turn into crises
As discussed above, incidents are mostly of a smaller magnitude compared to crises. They require quick responses. A sequence of incidents occurring one after the other, or one incident leading to the next, could turn into a crisis. Moreover, an incident that is not tackled properly could turn into a crisis.
Still getting mixed up between the two? Ask these three questions to get clarity:
1. Does the situation pose a considerable threat to the company?
2. Does it have a shock element?
3. Is the situation putting enormous pressure and urgency?
If the answer to the above questions is ‘yes’, it is a crisis. If the answer is ‘no’, it’s probably best to call it an incident.
But why is there a need to discuss the difference between incidents and crises? Because as discussed, these situations can affect businesses if they’re not prepared to tackle them. According to a study¹, many companies might think they’re ready and prepared to tackle incidents and crises, but in reality, they aren’t.
- 76% of board members think their companies would respond effectively to the crisis.
- Only 49% of them say their companies engage in monitoring activities to detect incidents and crises.
- Further, only 32% of them say their companies engage in crisis management training.
To be able to resolve the two well, it is first essential to identify their nature. This brings us to incident management and crisis management. To understand how companies can be prepared for an incident and crisis management plans, let’s delve into them more in-depth.
What is incident management?
Incident management is a way to tackle incidents that disturb the normal, day-to-day activities of a business. It includes identifying, assessing, and responding to a situation that has caused disturbance to business activity. Incident management allows firms to return operations to usual. Put simply, incident management is all about getting a handle on a situation.
But just because incidents are smaller in scale compared to crises does not mean businesses do not need to prepare for them. Incident management is achieved by designing a plan to tackle all possible incidents that could disrupt operations, halt processes, and cause damage or loss. Incident management plans focus on all kinds of disruptions.
Why does a business need an incident management plan?
Whether an organization is large or small, events happen, and incidents occur, disrupting the workflow. That’s where incident management plans help in the following ways:
- Gain a bird’s-eye perspective on possible incidents and hazards
- Plan, assess, manage and improve incident recovery processes
- Identify dangers and manage them with specifically targeted standard operating procedures
- Improve efficiency and productivity
- To notify the people affected by the incident
- To take critical steps to a quick recovery
What is crisis management?
As we discussed, a crisis is a critical situation, the effects of which could adversely impact the business’s reputation. A crisis, like an incident, can occur due to various reasons. Even an incident could lead to a crisis. Whatever the reason, when a crisis occurs, the crisis management team’s focus should be to curtain the impact and take appropriate steps to manage the crisis.
Why does a business need a crisis management plan?
Crises, if not managed well, can have adverse effects on businesses. Studies reveal some of the business aspects most affected by crises are: company reputation, employee morale, sales, productivity, leadership reputation, and customer loyalty, among others. A crisis management plan can save a business from these adverse effects in the following ways:
- Helps reduce the negative financial impact
- Increases the well-being of employees and stakeholders
- Helps organizations avoid legal implications
- Reduces downtime and resume work faster
- Helps avoid reputational damage to the organization
Key differences between incident management and crisis management
Here are some key points that differentiate incident management and crisis management.
| Incident Management | Crisis Management |
| Incident management entails taking quick, small actions to bring the situation back to normal. | Crisis management may entail strategic actions and bigger steps to bring the situation under control. |
| Incident management may involve immediate managers and team leaders and may not require the involvement of higher-level leadership. | Crisis management, being of a more critical nature, may require the intervention, inputs, and approval of higher-level leadership. |
| Incidents being of a smaller nature and less critical can be mostly managed within minutes, hours or days. | Being of a more critical nature, crisis management procedures could take days to weeks or months. |
| Incidents might affect only a few people/teams of an organization. Hence, incident management can be tackled within them. | Crises might affect the whole organization. Managing a crisis might require the involvement of more number of teams and departments compared to incident management. |
| Incident management teams have to: • Take response actions and incident operations • Keep their supervisors informed • Have to take care of their immediate stakeholders • Might require basic media communications | Crisis management teams have to: • Focus on the organization and take a strategic approach • Keep the leadership teams informed • Have to take care of the organization’s reputation/integrity • Requires strategic communications |
Incident management and crisis management – overlapping factors
However, it is important to understand the overlapping factors in incident and crisis management so as to provide relevant and targeted solutions when managing them. Some key points to consider:
- Both incident and crisis management plans should have clearly defined roles and responsibilities. It helps avoid mixing the two.
- Both should have their respective defined protocols to set the plans in motion.
- Both plans should mention the names of the people responsible along with their exact roles.
- Both plans of a company should be tested together. This would help identify the overlaps, confusions, gaps, and other requirements of the plans.
Incident management and crisis management – hand-in-hand
Incidents and events can happen in organizations even when there are a robust identification and control system in place. At times, incidents can escalate to a crisis, too. But when incident management and crisis management are tackled as different yet allowed the flexibility to overlap, organizations can achieve mutual goals successfully!
