The 4 Stages of a Crisis: What Every Security Leader Should Know

Organizations plan for many business outcomes, but they often overlook crisis preparedness. That may be a crucial mistake. According to PwC’s Global Crisis and Resilience Survey, 96% of organizations have experienced disruption by a crisis, and 76% said their most serious disruption had a medium-to-high impact on operations.

Whether it's a natural disaster, a major upheaval in political order like the Russian invasion of Ukraine, a sudden collapse of government, or even the COVID-19 pandemic, most crises follow a pattern. Where and when a crisis strikes may be unpredictable, but fully understanding how a crisis unfolds can help corporate and security leaders prepare more effectively for what comes next.

Most crises may be broken into four crisis stages, and understanding these stages is key to building effective security responses.

The Four Stages of a Crisis

While there are different ways to respond to a crisis and different crisis management frameworks, virtually all crises follow the same four crisis stages.

Pre-crisis

Some crises have very little warning, like active shooters, cyberattacks, or certain natural disasters. Others do provide some forewarning, like brewing hurricanes or major political rallies that have an elevated security presence. In either case, the pre-crisis stage is simply the time before a crisis occurs.

You can’t always predict a crisis, which is why the pre-stage period is all about preparedness and incident mitigation.

Your crisis management playbook should prioritize business continuity and give your organization and security team detailed templates to respond to a range of potential crises. A resilient playbook should entail:

• Risk assessment: To prepare for a crisis, you must conduct a comprehensive risk assessment. Start by understanding where your people are located and where they travel—and evaluate the likelihood of those individuals encountering a crisis. This includes assessing exposure to natural disasters, cyberattacks, pandemics, and geopolitical conflicts. A strong risk mitigation plan should incorporate regular threat intelligence reports that track evolving risks in those areas and identify emerging trends that may impact your workforce.
• Business impact: Analyze the potential consequences of a crisis on essential business functions. How will specific risks materially impact your business? Resilient organizations may outline procedures to ensure essential functions like data backup, alternative communications, and personnel relocation support business continuity.
• Strategy development: Based on your risk assessment and business impact analysis, you can develop strategies and contingency plans to both mitigate potential risks and prepare a response plan in the event of specific crisis events. Different crises may call for unique responses, but providing communication backup plans, establishing point people, and training executives and employees in crisis response best practices can support a robust plan.
• Plan testing and maintenance: Preparedness doesn’t happen on paper. Organizations and security leaders should conduct drills, tabletop exercises, and simulations to test plans and ensure they’re up to date. Review and update specific crisis plans based on changes in the business environment, technology, and the organizational structure.

Through proactive monitoring and practicing a response plan, you can better position assets to protect employees and leaders and respond to a crisis.

But even the most comprehensive plans must be accessible to be effective. Crisis playbooks should be distilled into 10 to 25 pages of actionable steps and clearly defined roles and responsibilities. Overly complex or bloated plans are often avoided by those who need to read them the most. By focusing on clarity and usability, organizations can ensure their teams can act decisively when time is critical.

Onset

The onset, or acute crisis stage, is the point where you can no longer prevent the crisis from happening. At this stage, your focus must be on managing the situation to mitigate the crisis’s impact. Usually the shortest crisis stage, the onset stage is often characterized by transportation and communication breakdowns, confusion, and panic.

In the onset of a crisis, resilient organizations must consider:

• Transportation: You can’t count on conventional means of travel, since air, road, rail, and sea transport all may suffer disruptions in a crisis. A dedicated crisis management team with predefined roles can support swift decision-making and coordinated responses in finding alternative evacuation routes.
• Communication: Cellular or internet connections may drop in a crisis, forcing you to rely on satellite phones or local landlines to coordinate.
• Local resources: If your travelers encounter a crisis while abroad, you must be able to leverage local resources and assets to get them to safety.

In this crisis stage, it’s crucial to activate a response plan that you’ve already created and honed through practice.

Response

Once the crisis plan is activated, your team enters the response phase—marked by decisive action to protect lives, stabilize the situation, and maintain critical operations. This stage may last from hours to months, depending on the nature and scope of the event.

At this point, crisis leaders must execute the plan with speed and coordination. The effectiveness of your response will depend on previously established relationships, signed agreements, and the readiness of your personnel and partners.

Key response priorities include:

• Personnel safety: Confirm the location and well-being of all employees and stakeholders. Trained team members should know how to shelter in place, evacuate, or escalate according to defined protocols.
• Asset mobilization: Deploy pre-positioned resources—such as vehicles, equipment, and secure facilities—to support recovery and protection efforts.
• Business continuity: Maintain or restore mission-critical operations using contingency systems like alternate communications platforms and secure data access. This may also involve relocating at-risk personnel under your duty of care.

Recovery

Once the immediate threat has passed and stakeholders begin returning to normal operations, the organization enters the recovery stage. This phase bridges the end of crisis response and the start of renewed readiness. While recovery and pre-crisis planning may share some elements—like refining emergency plans—the focus here is on rebuilding, healing, and learning.

Recovery activities may include:

• Physical and emotional recovery: Allowing time for individuals to process and recover from the crisis. This may involve restoring damaged infrastructure and providing access to counseling or mental health services.
• Reputation and communication management: Public relations teams may need to manage ongoing media coverage or stakeholder concerns, shifting from crisis containment to long-term reputation repair.
• After-action review: Security teams and leadership should assess the crisis response, identifying what worked, what didn’t, and what needs improvement.
• Future-proofing: Use insights from the event to update crisis response plans, adjust training protocols, and implement new protective measures. Communicate these changes clearly to all stakeholders.

Why Security Planning Should Reflect the Crisis Lifecycle

Security planning isn’t just about the moment of impact—every stage of the crisis lifecycle demands attention. Yet many companies over-rely on insurance and overlook the logistics of asset deployment, leaving them underprepared during the pre-crisis stage. This lack of preparation sets off a domino effect that can weaken response and recovery efforts.

When a crisis strikes, HR managers often scramble to review their insurance coverage and evaluate their duty of care providers—only to discover too late that most plans don’t account for large-scale crises like natural disasters or armed conflicts. Even more troubling, some duty of care providers lack pre-positioned assets and cannot respond in real time.

There’s a common misconception among security leaders and executives that insurance will cover every eventuality. That’s rarely the case—unless you've proactively asked the tough questions and tailored your policy in advance.

A comprehensive, rigorous approach to security planning reduces the risk of being caught off guard as panic sets in. To minimize a crisis’s impact across all stages, organizations should focus on three core fundamentals: preparation, communication, and execution.

Preparation

Companies must know where their people and assets are—and how to reach them in an emergency. Details like personal mobile numbers, home addresses, and travel itineraries are essential for strong pre-crisis preparedness.

Being organized also means understanding what your insurance covers and what your duty of care provider can realistically deliver. This clarity helps close security gaps before a crisis begins and supports more effective response efforts.

During recovery, organization enables a clear-eyed audit of what went right and what didn’t. Whether issues stemmed from missed risks, poor communication, or resource mismanagement, reviewing each stage is essential.

Too often, companies skip after-action reviews due to disorganization or lack of ownership. But a structured, accountable approach to evaluation leads to smarter updates—and stronger preparedness for the future.

Communication

Communication is the most important factor in a crisis. Having an effective communication plan is a function of good organization, but it’s crucial enough to merit its own focus. A well-organized plan has a clear point person designated to be in charge during a crisis, as well as delegates responsible for different components of a crisis response strategy. Each crisis response leader should understand the roles of others, have access to alternate communication tools like satellite phones, and ensure that employees, executives, contractors, and local partners are trained on who to contact and how to reach them if conventional channels fail.

Maintaining visibility on the location of individuals and knowing how to communicate with each is a vital throughline of the crisis lifecycle. Good communication is practiced and learned through rigorous testing of your crisis response plan.

Execution

Throughout the crisis stage lifecycle, expert execution is key. Some companies may have contingency plans, but they haven’t been updated or exercised with real rigor.

From practicing plans early to establishing a clear chain of command and reviewing performance afterward, strong execution is essential at every stage of a crisis.

Some ways to practice and prepare for execution include:

• Training seminars that introduce crisis response plans to employees.
• Live drills and training scenarios.
• Testing what-if scenarios with key stakeholders.
• Tabletop exercises to play through specific scenarios.
• Mock events to help employees understand how to act during a crisis.

Strategic Questions for Corporate Security Leaders

Corporate America must have the mindset that anything is possible. Companies with a large global footprint should have specific plans for each country in which they are operating, with focus on different types of crises. Companies with a smaller footprint but a frequently traveling workforce should have a global response plan because even one employee caught up in a risky situation is one too many.

As a security professional you should be asking yourself:

• Do you have a plan for each crisis stage?
• Can your duty of care providers or security partners act in real-time?
• Are security assets both positioned and accessible in a crisis?
• What will insurance cover, and what are the gaps in coverage?

Strategic Next Steps

The crisis stage lifecycle is not a theory to study crises; it’s a roadmap to guide security planning and support better crisis response. Crisis preparation is a continual process, and it’s important to regularly assess gaps in your current preparedness plans. Every moment is in the pre-crisis stage until it suddenly isn’t.

Connecting with a security provider that offers global end-to-end support, from pre-crisis mitigation and preparation to an immediate response time, can give your organization or executive protection program an extra degree of preparedness.

Standing by to Support

The Global Guardian team is standing by to support your security requirements. To learn more about our security services, complete the form below or call us at + 1 (703) 566-9463