```html
Crisis Readiness Assessment — Baker Crisis Group
KB
Baker Crisis Group
Crisis Operator Firm
Confidential
Assessment Not Started
Business Crisis Readiness Assessment
How exposed is your organisation?
This assessment evaluates your organisation's crisis exposure across all ten domains that a single catastrophic event could activate simultaneously. Ten questions. Five minutes. The findings are diagnostic — not a score. They are the beginning of a conversation about what your organisation cannot afford to discover during a crisis.
48
Hours that determine most crisis outcomes
10
Domains activated simultaneously in a major crisis
$80B+
Documented cost of one uncoordinated ten-domain crisis response
Human safety crises — workplace fatality, serious injury, violent incident, or life threat — activate every other domain simultaneously. They carry the greatest legal and reputational consequences and demand the fastest response and clearest command authority of any crisis type.
If a serious workplace injury or fatality occurred at your organisation today — does a documented, board-approved response protocol exist that defines who takes command, who notifies regulators, who communicates with affected families, and who manages media within the first hour?
A
Yes — Documented, Tested, Board Approved
A current protocol exists, has been exercised in the last 12 months, and all relevant people understand their role.
B
Partially — Protocol Exists But Untested
A written protocol exists but has not been exercised or recently reviewed. Key roles may be unclear under real pressure.
C
Limited — Informal Understanding Only
General awareness of what to do exists but no documented protocol. Response would depend on who is available and their judgment under pressure.
D
No — No Documented Protocol
No formal human safety crisis protocol. Response would be improvised under the worst possible conditions.
Critical exposure — absence of a human safety crisis protocol is a direct regulatory and governance failure with immediate legal consequences
Domain 2 of 10Legal & Regulatory
Regulatory Exposure & Legal Preparedness
Regulatory non-compliance discovered during a crisis — not before it — multiplies consequences exponentially. The organisations that know their exposure before an event can manage it. Those that discover it during one cannot contain what follows.
Does your board have a current, documented assessment of your organisation's top three regulatory exposure risks — including the specific penalty, operational restriction, and reputational cost of a breach of each?
A
Yes — Current and Board-Level
Regulatory risk assessment reviewed at board level in the last 12 months. Breach costs and response obligations are documented and tracked.
B
Partially — Known But Not Formally Documented
Legal and senior management understand key regulatory risks. Not formally presented to the board as a crisis exposure item in the last 12 months.
C
Limited — Sector Compliance Only
We know our primary regulatory obligations. We have not assessed the total crisis cost of simultaneous non-compliance across all relevant domains.
D
No — Not Formally Assessed
No formal regulatory crisis exposure assessment. We would be discovering our obligations during the crisis itself.
Critical exposure — undocumented regulatory risk at board level is a governance failure with compounding legal and financial consequences
Domain 3 of 10Financial
Financial Resilience & Crisis Capital
Financial pressure in a crisis does not arrive alone. It arrives simultaneously with legal costs, operational disruption, and revenue loss. The organisations that discover their financial vulnerability during a crisis pay the highest price — because reactive financial decisions under pressure are the most expensive kind.
If your organisation faced unplanned crisis-related costs of 15% of annual revenue over the next 90 days — legal fees, incident response, regulatory penalties, operational disruption — does your current financial position and insurance coverage absorb that without threatening operational continuity?
A
Yes — Absorbed with Minimal Impact
Reserve position, credit facilities, and insurance coverage would absorb this scenario. Crisis financial modelling has been reviewed at board level.
B
Possibly — With Significant Stress
We could likely absorb this but it would cause significant operational and strategic constraint. Insurance gaps may exist.
C
Unlikely — Would Threaten Continuity
This level of unplanned cost would threaten operational continuity or require emergency capital action. We have not modelled this scenario.
D
No — Existential Risk
This scenario would be existential. No reserve or insurance position adequate to absorb it. The exposure has not been modelled.
Critical exposure — underprepared financial position in a crisis accelerates and amplifies every other domain failure simultaneously
Domain 4 of 10Reputational & Media
Reputational Resilience & Crisis Communications
A reputational crisis can reach global scale within hours. The first 48 hours of communications determine whether a crisis is contained or catastrophic. Most organisations have never stress-tested their communications response under real pressure — and discover the gaps when it is already too late to close them.
If a significant negative story about your organisation broke publicly tonight — misconduct allegation, product failure, regulatory action, executive scandal — who would approve the first external statement, and how long would that realistically take?
A
Under Two Hours — Protocol Exists
Designated spokesperson, clear approval chain, holding statement templates, and legal review protocol are in place. Response capability is 24/7.
B
Two to Eight Hours
We know who to involve but convening people and building a response would take several hours. No pre-prepared crisis communications protocol.
C
Eight to Twenty-Four Hours
Communications and legal are not structured for rapid crisis response. Reaching all required approvals would take most of a business day.
D
No Defined Process
No crisis communications protocol. The narrative would be defined by others before we responded.
Critical exposure — delayed crisis communications is the single most consistently documented cost multiplier in reputational crises
Domain 5 of 10Operational
Supply Chain & Operational Continuity
Operational crises cascade faster than any other domain. A single point of failure halts revenue while simultaneously activating legal, financial, and reputational exposure. Most organisations do not know where their critical single points of failure are — until one fails under real pressure.
If your three most critical suppliers or operational dependencies failed simultaneously tomorrow — does a documented continuity plan exist that could maintain core operations and honour existing revenue commitments for 30 days?
A
Yes — Documented, Tested, Current
Continuity plans exist for all critical dependencies, alternatives are pre-qualified, and the plan has been tested within the last 12 months.
B
Partially — Plans Exist But Incomplete or Untested
Key dependencies have been identified. Continuity plans are incomplete or untested. We could manage for a limited period.
C
Limited — Dependencies Not Formally Mapped
Critical operational dependencies have not been formally mapped. A major disruption would require reactive decisions without a framework.
D
No Plan
No documented operational continuity plan. A major disruption would halt operations with no structured response available.
Critical exposure — unmapped operational dependencies are among the most common triggers of uncontrolled multi-domain crisis cascade
Domain 6 of 10Cyber & Information
Data Security & Coordinated Breach Response
Cyber breaches activate every other domain simultaneously. The technical breach is rarely the primary cost. The uncoordinated response — legal, regulatory, customer, and communications domains each operating independently without a single point of authority — is where the damage compounds far beyond what prepared response would produce.
If your organisation experienced a significant data breach today — who would be coordinating the response across legal, communications, regulatory, and technical domains simultaneously within the first two hours, and does that person have the authority to act across all of them?
A
Named Commander with Full Cross-Domain Authority
A named incident commander coordinates all domains simultaneously. Available 24/7. Protocol has been exercised within the last 12 months.
B
Technical Response Defined — Cross-Domain Unclear
A cyber incident response plan exists for the technical domain. Coordination across legal, regulatory, and communications is less clearly defined.
C
Fragmented — Each Team Responds Independently
Each team would manage their domain independently. No single person has explicit cross-domain coordination authority or accountability.
D
No Coordinated Response Plan
No defined coordinated breach response. We would be assembling a response team while the crisis escalated across all domains.
Critical exposure — fragmented cyber response is the defining failure mode in the most costly breach events on record
Domain 7 of 10Workforce & People
Key Person Risk & Leadership Continuity
The sudden loss, incapacitation, or public compromise of a key person creates a governance vacuum precisely when clear leadership is most critical. Industrial action, whistleblower events, and executive misconduct carry the same destabilising effect on an organisation already under multi-domain pressure.
If your CEO or most operationally critical executive became unable to perform their role tomorrow — due to health, legal proceedings, or a crisis directly involving them — is there a documented succession and command authority protocol the board could activate within 24 hours?
A
Yes — Documented Crisis Succession Protocol
Board-approved succession plan covering both planned and unplanned crisis scenarios. Reviewed within the last 12 months.
B
Partially — Understood But Not Formally Documented
The board understands informally who would step up. Not documented as a formal crisis governance protocol.
C
Limited — Planned Succession Only
Planned succession is covered. No protocol for crisis scenarios where the incumbent is personally involved in the crisis event itself.
D
No Plan
No formal succession or crisis command authority plan. Leadership continuity would be improvised under the worst possible conditions.
Critical governance gap — leadership vacuum in a crisis compounds and accelerates every other domain simultaneously
Domain 8 of 10Family & Personal
Executive Personal Crisis & Organisational Risk
A serious personal crisis affecting a key executive — false allegation, marital breakdown, health crisis, family emergency — does not stay personal. It affects leadership capacity and decision-making at precisely the moment clear leadership is most needed. Most organisations have no protocol for managing this intersection.
Does your organisation have a confidential protocol for supporting a key executive through a serious personal crisis — ensuring their wellbeing, protecting the organisation from secondary effects, and maintaining operational continuity — without requiring the executive to manage both simultaneously?
A
Yes — Confidential Protocol Exists
A defined approach protects both the individual and the organisation. Board and HR are aligned on how this is managed.
B
Partially — EAP and HR Process Only
EAP and standard HR processes exist. No specific protocol for senior executives whose personal crisis creates direct organisational risk.
C
Limited — Handled Case by Case
Executive personal situations are managed as they arise without a defined protocol. No structured response framework.
D
No — Not Considered as an Organisational Risk
Executive personal crisis as an organisational risk requiring a protocol has not been considered.
Significant exposure — executive personal crisis without organisational support creates compounding leadership and reputational risk
Domain 9 of 10Government & Institutional
Government Relations & Institutional Crisis
Government investigations, regulatory inquiries, parliamentary hearings, and coordinated stakeholder opposition can destabilise an organisation for years. Reactive engagement with government or institutional crisis — without a defined protocol — consistently produces worse outcomes at significantly higher cost than prepared response.
If your organisation became the subject of a government investigation, parliamentary inquiry, or coordinated regulatory action — does a response protocol exist that defines who leads the engagement, how the board is briefed, and how operational continuity is maintained throughout?
A
Yes — Protocol Exists and Has Been Reviewed
Government relations and regulatory investigation protocols are documented. Legal, board, and executive roles are clearly defined and current.
B
Partially — Legal Process Known, Wider Protocol Unclear
We understand how to manage the legal dimension. Coordination across communications, operations, and board governance during a sustained inquiry is less defined.
C
Limited — Would Rely on Legal Counsel Only
We would engage legal counsel and manage each development reactively. No pre-positioned protocol for sustained multi-domain government engagement.
D
No Protocol
No protocol for government or institutional crisis engagement. We would respond to each development without a defined framework.
Significant exposure — reactive engagement with government or institutional crisis consistently produces higher cost and longer duration outcomes
Domain 10 of 10Strategic & Governance
The War Room Question
The most dangerous moment in a crisis is when everyone is doing their job and nothing is getting better. Every specialist owns their piece. Nobody owns all of it. The absence of a single point of command authority — one person accountable for coordinating every domain simultaneously — is the defining failure mode in every major documented crisis event.
If a crisis event activated all ten domains simultaneously in your organisation today — who is the single person with the authority, the mandate, and the capability to coordinate the complete response across human safety, legal, financial, reputational, operational, cyber, workforce, personal, government, and strategic domains at the same time?
A
Named, Prepared, Available Now
A specific person is named, has been prepared for this role, and has board-level authority to coordinate all domains simultaneously.
B
Likely the CEO — No Defined Multi-Domain Protocol
The CEO would lead. No defined multi-domain coordination protocol exists. The CEO would also be managing the ongoing business simultaneously.
C
Unclear — Would Be Determined During the Crisis
Command authority would be established reactively. Different people might lead different domains without overall coordination.
D
Nobody — This Gap Has Not Been Addressed
No one has been identified or prepared to hold the complete picture across all ten domains simultaneously. This gap is unaddressed.
This is the gap. Every major documented multi-domain crisis occurred with this position unfilled. It is the most expensive gap in business.
Assessment Complete — Confidential Findings
Your Organisation's Ten-Domain Exposure Report
—
Exposure Index
Ten-Domain Exposure MapAll Domains Assessed
Benchmark — The Cost of the Gap
Key Findings
Baker Crisis Group — The Coordination Gap
"In a crisis — the specialists see their piece. Nobody sees all of it. That gap is where organisations lose everything they did not have to lose."
Every major documented crisis occurred in organisations with capable specialists across every domain. The gap was not expertise. It was coordination. Nobody held the complete picture simultaneously. Nobody ran the war room. Baker Crisis Group was built to close that gap — before a crisis occurs, and in the first 48 hours when every decision matters and every mistake is permanent.
The conversation worth having before a crisis forces it.
Baker Crisis Group offers a full Crisis Readiness Assessment for organisations that want to understand their complete multi-domain exposure and build a coordinated response framework before something serious occurs. It is not a cyber assessment. It is not a legal risk review. It is a complete analysis of what a single catastrophic event would activate simultaneously across your organisation — and what needs to be in place to manage it.
Email
kbaker@kevinbakerinc.com
WhatsApp
Direct message — immediate response
Engagement
By referral and private engagement
My experience in crisis operations is how you will sleep at night. — Kevin Baker, Crisis Operator. Baker Crisis Group. We don't advise on crises. We resolve them.
Request Full Crisis Readiness Assessment
Based on your results, a full ten-domain assessment with Baker Crisis Group will identify your complete multi-domain exposure and build a coordinated response framework. Leave your details and we will contact you within 24 hours.
✓
Request Received
Thank you. We will contact you within 24 hours to discuss your Crisis Readiness Assessment. Check your email for confirmation.