Crises are no longer rare disruptions. They are an inevitable part of doing business. Whether it’s a cyberattack, a reputational scandal, or an operational failure, companies must be prepared to respond decisively. And while a recent Economist Impact survey sponsored by FTI Consulting showed nearly 60% of boards were now actively involved in crisis management, too many still lack the essential frameworks to navigate these turbulent moments.

Alarmingly, only 30% of organisations have developed crisis communication playbooks, which means they are vulnerable to chaos and ill-timed delays when clear messaging is most needed. Even more concerning, 31% of general counsel respondents—the C-suite members most likely to be commander in charge of a crisis—admitted their organisations were least prepared to handle reputational crises, the risk they deemed most threatening.

Action stations

Boards cannot afford to be passive observers. Their role is to provide strategic oversight, ensuring that businesses are not only prepared for crises but also equipped to emerge stronger. This means embedding crisis management into broader risk oversight, regularly reviewing and refining crisis plans, and ensuring that lessons from past disruptions inform future responses. Some boards may benefit from designating a director or committee to oversee crisis preparedness, ensuring a structured approach to readiness.

A glaring weakness in many organisations is undoubtedly crisis communication. Without a well-rehearsed strategy, misinformation and confusion can spiral, exacerbating the crisis. Boards must push their companies to develop clear communication frameworks for both internal and external audiences, recognising that a company’s reputation can be damaged as much by how it communicates during a crisis as by the crisis itself.

Cybersecurity, in particular, has become a critical area of board oversight. With regulators and investors increasingly scrutinising companies’ cyber defences, boards must ensure their organisations are not only investing in prevention but also preparing for the inevitable breach.

Undo the breach

The UK government’s draft code of practice on cybersecurity governance underscores the need for directors to take responsibility, advocating for clear roles, regular testing of incident response plans and transparent reporting structures.

Directors must engage with their chief information security officers to understand the business impact of cyber risks without overstepping into operational management.

When a crisis strikes, the board’s role is to provide steady leadership. This means maintaining open communication with the executive team, ensuring that responses are measured and aligned with the company’s long-term interests.

Boards should challenge senior leaders when necessary, making sure they consider the full spectrum of stakeholders: employees, investors, regulators and customers. In cases where the CEO is unavailable or compromised, the board chair must be prepared to step in and communicate with key stakeholders, particularly investors.

Once the crisis subsides, boards must insist on a rigorous post-mortem. What worked? What failed? What needs to change? Too often, organisations move on without fully capturing lessons that could make them more resilient in the future.

Of course, there are pitfalls boards must avoid. Experience is valuable, but directors must recognise that past crises do not always provide a roadmap for future ones. Micromanaging the executive team is another risk; boards must balance oversight with trust, guiding rather than controlling. Similarly, while the CEO is often the public face of a crisis response, boards should leverage the expertise of the full executive team, rather than over-relying on a single figure.

Crisis preparedness is no longer a check-the-box exercise. It is an essential component of modern governance. Boards that take a proactive approach—insisting on robust planning, demanding clear communication strategies, and maintaining strategic oversight during crises—will not only help their organisations survive but also position them to thrive in an increasingly uncertain world.

Kate Brader is partner and head of crisis communications at FTI Consulting