The Modern Crisis Landscape

Directors from across industries explored an interactive boardroom crisis simulation focused on AI-driven disruption and its impact on operations, reputation, executive safety, and cybersecurity.

Facilitators Samta Kapoor and Joe Muscat from EY; Erick Turasz from Global Guardian; Kara Grimaldi and T.J. O'Sullivan from Joele Frank; and Jonathan Trull and May Mitchell from Qualys led small groups as they worked to address the scenario’s complexities and trade-offs.

KEY TAKEAWAYS

Crisis Communication and Leadership Tone

• Balance urgency with accuracy, ensuring messaging is both timely and appropriate for different stakeholders.
• Maintain an empathetic tone across all audiences, including customers, employees, and partners.
• Communicate through multiple channels such as press releases, video messages, and direct outreach to key stakeholders.
• Recognize that crises have a prolonged impact, requiring sustained CEO visibility and engagement rather than episodic responses.
• Establish a clearly defined core response team spanning communications, legal, cyber, and internal leadership functions.
• Define activation protocols in advance, including escalation triggers and when the board becomes engaged.
• Develop pre-drafted materials such as holding statements, employee communications, and CEO scripts to accelerate response time.
• Conduct regular simulations to test readiness, identify operational gaps, and improve coordination between management and the board.

Governance and Responsible AI Oversight

• Initiate early, ongoing discussions on responsible AI use as part of core governance practices.
• Focus on asking precise, forward-looking questions to understand AI-related exposures and risk management strategies.
• Build containment strategies that protect enterprise value and reduce reputational risk.
• Encourage directors to engage directly with AI tools to distinguish between hype and practical risk implications.

Security Leadership and Organizational Readiness

• Proactively engage with the Chief Security Officer before a crisis to align on risk posture and response expectations.
• Conduct comprehensive, continuous risk assessments covering cyber, physical security, and key personnel vulnerabilities.
• Clarify decision-making authority during crises, including who can authorize actions and deploy resources quickly.
• Address the risk of organizational paralysis by defining in advance the actions the company is prepared to take.

AI Risk, Cyber Resilience, and Scenario Planning

• Push management to articulate specific AI-related risks, including both operational use and adversarial attack scenarios.
• Integrate AI risks into the enterprise risk register with clear mitigation and response plans.
• Assess response speed to critical vulnerabilities, including zero-day scenarios, and ensure accountability at the CISO and management level.
• Conduct rigorous, high-pressure tabletop exercises that simulate imperfect conditions to test real-world resilience and decision-making.