In the aftermath of the US Capitol attacks, critics dissected the security response – a failure to predict leading to a sluggish, reactive response. And that’s often how we review incidents of civil unrest, through the prism of security operations. But we might be missing something crucial by this limited focus – namely the role of crisis management in securing key assets.
It was mere months ago that a bomb threat gripped Australian schools. But already, educational institutions and other organisations might be forgetting the lessons.
While those threats turned out to be hoaxes, the risk remains real. How to prepare your organisation?
2020 was no doubt a year for the crisis record books. So, what can crisis leaders expect in the year ahead? Not Nostradamus-level prognostication, here, but the safe bet is on the acceleration of severe weather events.
Remote work has taken off since the start of the pandemic, and so has the cyber threat. Already in March, online attacks had shot up six times their February levels. As we now know, that surge would only accelerate – to dire consequences for businesses already struggling to respond to COVID-19.
What can organisations do to respond to the crisis threat? These crisis planning practices will help.
Just last month, there were five named storms in the Atlantic all at once – a rarity last seen in the early 1970s. Nor is the Atlantic the only hotspot for storm activity. The interim Royal Commission investigation into last season’s bushfires also forecasted increasingly “erratic” storms hitting Australia.
For crisis leaders battered by COVID-19 yet still in the path of surging storms, it’s not only time to dust off your severe weather preparedness plans but also to get acquainted with the Incident Command System (ICS).
Most businesses entered the coronavirus crisis with a false sense of confidence in how prepared they were to handle a major crisis. Sure, they might have learned better. But how long will those lessons stick? A good way to tell is by figuring out whether and how often your clients are exercising their crisis response plans and scenarios.
We’ve said it before. Producing the assets that are relevant to the context of your organisation will only strengthen a business case for the business continuity planning resources needed to maintain acceptable levels of risk – once you’ve measured them.
But what would those resources look like? We argue, practical business continuity technology should be part of the mix. Why? Well, during moments of disruption, every minute matters. And manual processes are ill fitted to help you meet recovery time objectives (RTOs). Read on to find out why.
Ensuring compliance with regulatory requirements is critical to your client’s business. But crisis and business continuity planning – often mandated by law – shouldn’t be a box-ticking exercise. Unfortunately, too many of your clients fall into the trap. What risks do they face treating crisis preparedness as a compliance-first practice?
First things first: regulatory mandates following crises are ubiquitous – that’s been the case far before the onset of the COVID-19 crisis. In the U.S., for instance, employers with more than ten workers must have written emergency action plans that specify what workers and others at the workplace should do in the event of an emergency.
With a surge of coronavirus cases around the world, new reports of workplace closures due to fear of exposure are emerging outside of coronavirus-epicenter, China, and outbreak hotspots like Hong Kong, South Korea, and Italy.
For those of us that had forgotten, the outbreak and spread of the coronavirus (COVID-19) to multiple continents should remind us that the risk of a critical global health incident must be factored into crisis and business continuity planning – and not just for companies with exposed supply chains.
The risk of the novel coronavirus to global supply chains is significant, experts say. And it’s easy to see why. For one, there is no historical precedent for the potential impact of the coronavirus on increasingly complex, global supply chains.
As of mid-February, over 64,000 cases of the novel coronavirus (COVID-19) have been reported, with wartime measures increasingly becoming the norm throughout mainland China. The reach of the coronavirus, however, is global. The World Health Organization (WHO) has already declared a public health emergency of international concern.
Nowadays, firms can expect some form of value-destroying corporate crisis at least twice a decade. And even those numbers might be too optimistic. In fact, a 2018 Forrester survey found that a full 100 percent of companies experienced a critical event in the last two years. Many dealt with multiple.
Ensuring compliance with regulatory requirements is critical to your business. But crisis and business continuity planning – often mandated by law – shouldn’t be a box-ticking exercise. Unfortunately, too many firms fall into the trap. What risks do those companies face treating crisis preparedness as a compliance-first practice?
Eighty-four percent of organisations have a crisis management plan in place according to Deloitte’s global crisis survey, “Stronger, fitter, better.” Unfortunately, they don’t test those plans regularly.
When crises strike, leaders convene crisis management teams comprised of internal experts. You know, senior managers with the requisite professional and technical expertise to deal with the critical event at hand.
Since the early 1990s, colleges and universities in the U.S. receiving federal funding have been mandated by law to disclose information about crime on and near their campuses. In fact, it’s the pre-condition to participating in programs associated with Title IV of the Higher Education Act, which covers federal grants, loans, and work-study programs.
Take a look at the figures. Eighteen percent of all violent crimes occur in the workplace. Victim deaths are especially high in retail.
Everywhere you turn, disruptive critical events are in the news – so too, the companies they affect. Just look at the Forrester report, Take A Unified Approach To Critical Event Management: the study finds that 100 percent – yes, you read that right – of companies surveyed had experienced a critical event in the last two years. That’s not even the full extent of it. Many of those companies actually dealt with multiple incidents during that time frame: the average was four, discrete critical events in a two-year period.
By now, most know at least the outlines of the story. In October 2018, Lion Air Flight 670 crashed into the Java Sea on a domestic route from Jakarta to Pangkal Pinang in Indonesia. All 189 passengers and crew on board were killed. Weeks later, engine failure forced a Norwegian Air Shuttle flight to make an emergency landing in Iran. And more recently, on March 10, 2019, Ethiopian Airlines Flight 302 crashed just minutes after takeoff from Addis Ababa, Ethiopia on its way to Nairobi, Kenya. As in the case of the Lion Air crash, all 150-plus passengers and crew on board perished. The common factor between the seemingly isolated incidents? The aircraft in all three flights belonged to a relatively new line of planes: the Boeing 737 Max 8.
Over the last few years, companies have taken major steps to get their crisis preparedness house(s) in order. For instance, the 2016 Institute of Crisis Management (ICM) Annual Crisis Report found that only half of all global organizations had crisis management plans in place. Fast forward to this year, when Deloitte released the findings of its global survey of 500 crisis management executives. That study, “Stronger, fitter, better: Crisis management for the resilient enterprise,” showed that no less than 84 percent of companies had crisis management plans in place. Not the same sample set, to be sure, but still a major jump in crisis management preparedness. But though companies seem to have cottoned on completely to the crisis threat, they’re not out of the woods quite yet. That’s because the reality of crisis is completely different than the ersatz version you’ll find in crisis plans and simulations.
When compliance aims drive your crisis planning, they do so to your detriment. I know, sounds a little counter-intuitive, especially when regulators mandate that businesses prepare emergency plans for the workplace.
It’s December, and the new year approaches. But before we usher in 2019, let’s take a look back on the year in corporate crisis.
For retailers, the holiday season means big bucks. Last year's, the most robust in a decade, saw sales top $690 billion in the U.S. alone. Add in European sales, and that figure jumps up to one trillion dollars.
California is ablaze. Northern California’s Camp Fire has already become the deadliest in the state’s history. The Woolsey fire, rampaging through heavily-populated Los Angeles and Ventura counties, is comparable in size to the city of Denver. For crisis leaders, it’s past time to dust of those corporate crisis plans and get serious about severe weather preparedness.
How much did corporate reputations slump during the financial crisis? A lot, at least according to industry actors at the time. For instance, when polled in 2009, 85 percent of executives agreed that the public’s trust in business had diminished.
GDPR has officially been on the books for a few months now. So what do the new regulations mean for the world of finance?
Cyber-criminals are unrelenting
The numbers in last month’s Facebook data breach were big. All told, 30 million accounts were potentially affected, with hackers stealing personal information from 14 million Facebook users. But, as big as those numbers are, the data breach is actually part of an even larger story: it’s a stark reminder, if ever we needed it, that cyber-criminals are waging a never-ending battle.
When it comes to data breaches, no sector is more vulnerable than retail – that includes finance, insurance, and hospitality. In the U.S. alone, 75 percent of retailers have experienced some form of data breach since opening. A whopping 50 percent of retailers experienced a breach just last year. And that’s up from 19 percent the year before – a staggering year-on-year increase.
So far this year, the U.S. has already been hit by six storms, excluding the recent Hurricane Florence, that were each severe enough to inflict at least $1 billion in damages. Together, these storms caused more than thirty deaths.
Hurricane Florence—which recently struck the Southeast U.S. leading to severe flooding in the Carolinas—caused an estimated $20 billion in damages, possibly higher given that estimates on the monetary cost are still being estimated, and led to more than forty deaths.
Team-driven operational planning is the key to most successful incident response efforts, even severe weather emergency response. For instance, the people on your school’s severe weather emergency response team will be the ones helping you craft, implement, and refine your plan. Here’re some tips to help you choose wisely:
Selling goods on the market? Then you know the product recall threat can’t be understated. Defective products are already a leading cause of liability loss, according to insurance giant, Allianz. And the overall toll of consumer goods incidents to (just) the U.S. economy: $1 trillion plus per year. You can’t make this stuff up.
Businesses aren’t playing around, waiting for crisis. At least, not any more. As the crisis threat grows in kind and intensity, organizations in all major industries have taken notice. Now, some 80 percent of business leaders believe that their organizations are only a year away from a potential crisis.
Building or updating your school emergency lockdown plan? Smart move. As you probably know, during the first half of the year, the US averaged over one active school shooting incident per week. What’s more, the number of bomb threats also seems to be rising. The need for school emergency lockdown planning has never been greater.
As students of all ages head back to school this fall, one topic on administrators’ minds will be school safety, and that means preparing for the possibility of an active shooter on campus.
And preparation is becoming more important. There were 30 percent more school shootings in the U.S. during the 2017-2018 school year than in 2016-2017, and the number of guns found on campus soared by 267 percent, according to a new report from the nonprofit Educator’s School Safety Network (ESSN). The report also says that during a crisis, teachers and school administrators are often the first first responders, and if they’re not prepared, everyone is more vulnerable.
So how can schools respond effectively to an active shooter incident? We offer three key ways.
One of the great unknowns, severe weather happens everywhere, at any time, causing untold devastation often with little to no advanced warning.
In some contexts, like when you’re making a Rotisserie chicken, the impulse to “set it, and forget it” makes sense. It’s been market tested, after all. In other domains, like crisis preparedness, the “set it, and forget it” instinct only leads to long-term ruin. So why then do so many teams fall prey?
They’ve done it. Your company has finally made that investment in crisis management planning. You’re one of the point people tasked with creating a crisis management plan.