Most organizations have a crisis communications plan. Most of those plans won't work when they need to.
The gap between having a plan and having a plan that functions under pressure is larger than most communications teams recognize — until they're in the middle of a situation where the plan is failing. Building one that actually holds requires honest assessment of what crises look like in practice (not in theory), and a level of preparation that goes significantly beyond drafting a document.
How to build one that holds.
Start with the threat assessment, not the template
Most crisis communications plans begin with a communications response framework. The right place to start is a realistic threat assessment: what are the specific scenarios that could put this organization in a crisis?
That requires pulling in perspectives communications teams don't always have access to — legal, compliance, operations, finance, HR, technology. The scenarios that create communications crises are rarely communications problems in origin. They're operational failures, regulatory violations, personnel issues, financial misstatements, product failures, or cybersecurity incidents that require communications responses. Understanding the origin scenarios in detail shapes every downstream decision about how to prepare.
For each scenario, answer three questions:
- How would we find out this has happened?
- How quickly could it become public?
- What is the worst realistic version of how this story gets told?
Define the response team before the crisis
A plan that lists "the communications team" as the response team will fail. Effective crisis response requires a cross-functional team with defined roles, clear decision-making authority, and a designated spokesperson.
At minimum:
- A lead communications executive with authority to approve external statements.
- A legal representative with authority to advise on what can and cannot be said.
- A senior operational leader who understands the underlying situation.
- An HR representative for employee communications.
- An external PR advisor for situations that exceed internal capacity.
Each team member needs a defined role — not a general responsibility, but a specific function. Who is responsible for drafting external statements? Who approves them and within what timeline? Who is authorized to speak to media? Who manages employee communications? Who communicates with the board?
These questions should never be answered for the first time during a crisis.
The first 60 minutes
Crisis communications failures almost always happen in the first 60 minutes — not because the wrong things were said, but because nothing was said. The window between a crisis becoming public and the organization's first public response is the most dangerous window in any crisis. Every minute of silence is a minute someone else is defining the narrative.
The plan should specify, precisely, what happens in the first 60 minutes. Who is notified. In what order. By what method. Who has authority to post an initial holding statement before a full statement is prepared. What pre-approved language exists for the most likely scenarios.
A holding statement — "We are aware of reports regarding [situation] and are actively investigating. We will provide an update within [timeframe]" — is not a complete crisis response. But it establishes presence, demonstrates awareness, and creates a commitment to transparency that buys time. Having a holding-statement framework pre-approved across legal, communications, and senior leadership means it can be deployed in minutes rather than hours.
Pre-approved message architecture
One of the most significant causes of delayed crisis response is the approval process for external statements. At normal speed, getting a statement through legal, communications, and senior leadership might take a day or two. In a crisis, the story is moving in hours. The approval process becomes the bottleneck.
The solution: pre-approved message architecture for the most likely crisis scenarios. Not pre-written statements for every possible situation — pre-approved language frameworks, pre-approved principles for what the organization will and will not say, and pre-established escalation paths for statements that require senior approval.
For each identified crisis scenario, there should be:
- A pre-approved holding statement template.
- Key messages that reflect the organization's values and can be adapted to specific situations.
- A list of what questions the organization will and will not answer at different stages of a developing situation.
The dark site
A dark site is a pre-built website or webpage that sits dormant until a crisis requires it to be activated. It contains the organization's crisis response materials — statements, FAQs, relevant factual background, media contact information — and can be published within minutes of a crisis breaking.
Not every organization needs a dark site. But every organization that could face a consumer-facing crisis, a data breach, a product recall, or a situation requiring significant public transparency should have one. Building it before it's needed — and keeping it updated as the organization changes — means that in the worst moments, the infrastructure for transparent public communication is already in place.
Media training that simulates real pressure
Media training that consists of answering friendly questions in a comfortable room is not crisis media training. Spokespeople being prepared for crisis situations need to be pressure-tested against the questions they will actually face — hostile, persistent, legally sensitive, factually challenging.
That means working with a media trainer experienced in crisis scenarios, running drills that include unexpected questions, practicing bridging techniques under real pressure, and specifically rehearsing the responses to the three or four worst questions that could be asked in any given scenario.
It also means identifying in advance who is and is not an effective crisis spokesperson. Not every senior executive performs well under the kind of media pressure a significant crisis generates. Discovering this during the crisis is expensive. Discovering it in a training environment — and making substitutions — is not.
The plan is not the preparation
A completed crisis communications plan document is the minimum viable deliverable — not the finished product. The preparation that makes the plan functional includes:
- Quarterly tabletop exercises running scenarios.
- Annual full-scale crisis simulations involving the entire cross-functional team.
- Regular updates to the threat assessment as the organization changes.
- Ongoing media training for designated spokespeople.
Organizations that run their plans through regular exercises discover the gaps before a real crisis does. Organizations that file their plans and revisit them only when a crisis is happening discover the gaps in the worst possible context.
The goal of a crisis communications plan isn't to have a document. It's to have an organization that knows what to do, who does it, and how fast — before the situation that requires it arrives.
Agencies with deep crisis communications expertise — particularly those that have managed financial, regulatory, and reputational crises for large organizations — bring a level of scenario depth and media relationship knowledge that internal teams rarely replicate on their own. 5W AI Communications' crisis practice is recognized among the strongest in the US market.
Related Coverage
- The Corporate Crisis Citation Share Index 2026 — Which 25 corporate brands AI engines most associate with reputation crisis. J&J #1, Boeing #2, Enron #3, BP #4, Wells Fargo #5.
- The Crisis Sector Citation Share Index 2026 — Which 15 industries carry the heaviest crisis citation surface across AI engines. Banking #1, Pharma #2, Aerospace #3.
- Crisis PR & Crisis Communications — The EPR pillar.
- Crisis Communications: The 2026 Operator's Manual
- Why Speed Is No Longer the Crisis Communications Advantage
- Crisis Communications Case Studies: The Master Library
