Corporations must reckon these days with the need to act during a crisis at social media’s often breakneck accelerated pace, as evidenced when The Walt Disney Co.’s ABC Inc. took only hours to cancel Roseanne Barr’s television show after a racist tweet by the controversial actress and comedian.
Clients must also abide by regulators’ new demands that the public be notified within 72 hours about data breaches. What used to take days of executive decision-making now gets crunched into minutes. To prepare for such fast-moving crisis management, companies and law firms are engaging in what’s known as “tabletops,” a day- or days-long planning and drilling sessions.
During these gatherings, various crisis scenarios are acted out so top executives and their myriad advisers may test in realtime their reactions and certain crisis management systems.
“When a crisis hits there is so much happening all at one time,” said J. Gordon Cooney Jr., a partner and leader of the firm’s global litigation practice at Morgan, Lewis & Bockius. The firm is one of many pitching their expertise in tabletops, a tool initially developed for the oil and gas industry to help companies preparing response to environmentally threatening accidents.
Tabletops then transitioned to data breach planning, as well as a wider range of potential corporate crises. Morgan Lewis has assembled a team of crisis management lawyers with capabilities related to environmental litigation, employment, cybersecurity, products liability, and government and securities enforcement.
There are two primary reasons that large firms seek to highlight their expertise through tabletops: Cultivating potential future revenue sources and, perhaps more significantly, a chance to spend a day helping a few key executives think and imagine responding to worst-case corporate scenarios.
“It brings you in very close proximity to the decision makers in a company and working with them collaboratively,” Cooney said. “From a relationship standpoint, that is incredibly important. Hopefully the clients we are working with won’t ever have to face these crises. But, if you have done the crises management planning, the work that will flow in your direction in the event that there is a crisis is significant.”
Bolstering relationships within the C-suite and enhancing current client relations sometimes obviates the need for immediate compensation from participating in tabletops.
“There’s a value in clients seeing how their lawyers think through potential problems, how they interact with the organization. It helps lawyers who show some dexterity in these drills,” said Reginald Brown, who frequently takes part in tabletops as a member of the strategic response group at Wilmer Cutler Pickering Hale and Dorr, where he serves as chairman of the firm’s financial institutions group and leader of its congressional investigations practice. “It’s positioning for actual scenarios. Sometimes you get paid and sometimes you don’t.”
It’s not as if lawyers don’t serve a purpose in the planning sessions.
“Lawyers are naturally the right people to lead these exercises because they can spot issues that may get overlooked, like insider trading risks during an undisclosed cyber event, and mandatory breach notification obligations, which are likely to affect the overall communications strategy,” said Davis Polk & Wardwell partner Avi Gesser, who handles cybersecurity issues.
State, federal and overseas governments have recently signaled that they want companies to respond quickly in the event of a data breach and some regulators have even encouraged them explicitly to engage in tabletop exercises, said Robert Braun, a Los Angeles-based partner at Jeffer Mangels Butler & Mitchell, who has a cybersecurity practice and has written about tabletop drills.
The European Union included in its General Data Protection Regulation, which became effective May 25, a requirement for notification within 72 hours after becoming aware of the breach. The New York Department of Financial Services and the National Association of Insurance Commissioners have both recently adopted 72-hour breach notification requirements.
“Companies are realizing more and more that they can’t sit on issues. The cover-up is worse than the crime, they have to move more quickly,” Braun said. “If you move quickly you have a better chance of controlling the narrative. They’ve realized this is a good tool and it’s not just for cybersecurity.”
With speed becoming more important to client service in the crisis communications arena, so are the drills.
“Clearly the marketplace is demanding answers more quickly,” said Morgan Lewis’ Cooney. “The great challenge is navigating the tension of the need for speed and the need for accuracy.”
He identifies two categories of potential harm in a corporate crises—harm to others and harm to the company’s reputation. Reputational harm “can happen very quickly if there isn’t advance thought,” Cooney said.
Morgan Lewis has labeled in its marketing materials a “crisis management team,” which includes partners who have advised companies facing crisis scenarios. But Cooney emphasized that “not one size fits all. Different companies have different issues.”
Sometimes, a highly publicized negative event involves a single customer who was treated badly. Under those circumstances, the cost of settling fast is minimal compared to the gain. But other times the potential claimants are much greater in number—such as in the event of a data breach. “You have to make sure that there is no further harm. And you have to be more careful about explaining what happened and why it happened,” Cooney said.
For law firms, too much billboarding about their past experience helping clients with crisis management matters might cause problems, since few corporate clients want widespread knowledge of a crisis they avoided or sidestepped becoming public.
“It’s a challenging space for marketing,” said Wilmer’s Brown. “It requires a lot of sensitivity.”
The best advertising, he said, is “word of mouth from GCs and the C-suites,” or exactly the type of recommendations lawyers can get by being in close proximity with key executives during tabletop drills.