1000 Holcomb Woods Parkway | Suite 130 | Roswell, GA 30076 | 770-643-1114 | Fax: 1-800-418-9088
www.firestorm.com
Firestorm Insights December 2015
Critical Decision Support – The Year in Review
Page Intentionally Left Blank
Page | 3
Critical Decision Support – The Year in Review
December 2015
This brief is based on the webinar “Critical Decision Support – The Year in Review” presented by Harry Rhulen, Firestorm CEO and Co-Founder.
Communication Breakdown (It’s always the same)
Last time we discussed lessons learned from bad things happening… Today, we focus on the Year in Review and Critical Decision Support. So what do you do?
Where do you start?
PREDICT.PLAN.PERFORM.® – When a problem surfaces, most jump right to ‘PERFORM,’ skipping
the first two steps. By doing so, you run the risk that you have not fully analyzed the
vulnerabilities and exposures created by that problem.
Page | 4
Crises Are More Common Than You Think
A recent survey by Dawson Associates looking at New York State businesses found that 64% of these
businesses had called 911 during the
year. Of these, several had called
multiple times, with two calling over 100
times each.
Imagine if your business had to call 911
twice a week. The reasons for the calls?
52% were medically-related; 24% were
for crime and violence; 17% were for
fires and 7% were for hazardous
materials.
Lesson One
Crises are more common than you think
Many times people think about natural disasters wild fires, hurricanes, floods, earthquakes, tornados
and more. These certainly count, if they strike your business. We experienced our share of these events
again this year. People and businesses were surprised again by these events. The Red Cross states there
are over 70,000 disasters annually in America. The majority are fires. There are thousands of workplace
accidents annually.
Disasters can impact your business even if they do not
directly strike you. The most common failure in a
disaster is supply chain failure. Who are your critical
suppliers? Are they prepared? How do you know? Are
you sure? What metrics did you use when you reviewed
their plans? When was your company’s last
vulnerability/threat analysis?
Lesson Two
Most companies are not ready
The same Dawson survey found 85% of the companies
did have a plan and 90% of those with a plan updated it
at least annually.
Firestorm has found that these plans, at best, tell people
‘what to do,’ but not ‘how to do it.’ Any confusion in a
crisis proves deadly. 30% of the companies surveyed had
Page | 5
never held a drill or exercise and 26% held just one basic drill a year. While 50% did a threat assessment,
only 35% did a Business Impact Assessment (BIA) to identify financial and operational impacts.
Emergency supplies were not considered until too late. Do you have an independent third party test
your plans?
Violence is Ever Present
Lesson Three
Violence is ever present and growing
OSHA states that there are over 2 million episodes of workplace violence annually in America. Just
watch the news tonight to see the latest story.
Parents, students and teachers see shootings in schools as an ever present reality. Daily, there are
dozens of stories of guns in schools that bring this new reality home.
Homegrown terrorism remains a top concern with the lone-believer striking in the name of a cause.
Do you have a program to identify behaviors of concern before they escalate into violence?
Page | 6
Lesson Four
Civil unrest is alive and well
Racism is a reality and an issue across
America. Whether Ferguson, Baltimore
or your town, we see racism being the
spark to bring groups into the streets.
‘Black lives matter’ is heard as a call to
action.
The presidents of two universities were
forced to resign over their responses to
racism. Civil unrest begins as a response
to acts of discrimination. The response
grows into violence, economic disruption
and more disorder. All sides of the
underlying issues use the resulting violence as proof for their actions and beliefs.
Ignoring the underlying causes or using them as reasons for violence assures racism will continue to
impact our lives. Remember ‘Occupy Wall Street’? It looks tame now. Do you have a plan for civil
unrest?
Lesson Five
Employee actions can destroy a brand
This year we have seen a franchise brand, Subway, tarnished by a spokesperson’s scandal and
criminal actions. Volkswagen engineers rigged computers to improve emissions results.
Firestorm responds several times a week to crises nationally. We find that employees make
decisions that management would never expect. There is minimal management oversight.
Page | 7
Unfortunately, these employees did exactly the wrong thing at the wrong time and in the wrong
way. We hear “no one would ever do ________ (insert statement here).”
Unfortunately, yes they would and have done so. Many companies will be defined by these
actions for years to come, if they can even survive. The new ISO standard for quality now
includes risk. Have you conducted a business crisis-risk audit?
Lesson Six
Speed is quality
We live in an instant world. Digital communications and smart phones make everyone a photo journalist
with the ability to reach millions instantly. Whatever is happening to your company, someone is sharing
the story and pictures. Your every action, response and words have the ability to become a part of the
public conversation immediately. You take years to build your business, and can see it destroyed in 140
characters.
Historically, we used to have binders to store business continuity plans. Then and today, they gather
dust on a shelf. They are not available as employees evacuate a building. Plans on networks become
unavailable at critical moments. Today, if your plans are not on your employees’ smart phones, you
don’t have actionable plans. When was the last time you trained your employees on your plans?
Lesson Seven
Cyber Risk impacts everyone – even if you don’t know it
A cyber breach is a business problem, not an IT problem. Criminals attack organizations daily.
Tens of millions of us see our personal information stolen by criminals. These criminals are both individuals and hostile governments. The FBI states that all businesses have been breached.
It is so common that most consumers don’t take response actions when informed that their data has been stolen.
Ted Kopple’s new book identifies a cyber-attack bringing down the grid. His interviews with numerous Homeland Security leaders indicate that the risk is real and expected. Have you identified what your company will do without energy for weeks?
Page | 8
Cyber risk is not an IT issue, it is a business
issue. Lesson Eight Insurance remains a part of the solution
New coverages like cyber breach response, crisis management, sexual molestation, deadly weapons and brand and reputation coverages have emerged to assist companies at risk.
These policies provide critical decision support and response capabilities in the face of expanding exposures. Not all policies are the same. Insurance is not a one size fits all solution.
A recent review of a company’s cyber insurance policy identified that it would not cover the very exposures identified by the test exercise that was conducted. Do you include insurance triggers in your test exercises to see how or even if your insurance responds?
Lesson Nine
Crises are predictable – Design a Predictive Intelligence
Network
Your geographic location is a
factor in many of the natural
disasters you face. There are clear
indicators of behaviors of concern
that provide warning signs before
the violence occurs.
Creating a predictive intelligence
network identifies communications regarding
potential violence. Today, 80% of the time, if a
person has violent intent, someone else
knows; 67% of the time, two or more people
know. When people know they talk. Today,
people talk on social media. Many product
problems leading to recalls are first seen on
social media.
Page | 9
Most cyber breaches are identified first by comments seen on social media. One of the top five
failures in a disaster or crisis is the failure to monitor all threats and risk identified. How do you
monitor your identified risks?
Lesson Ten
The biggest crisis risk factor - The rate of change
We live in an instant world that is constantly changing. The rate of change is disruptive to “business
as usual.” A crisis is business as unusual. What we did last time won’t work this time.
The only real constant is the rate of change we are experiencing in every aspect of our businesses.
As the internet of things joins the rush to the cloud, we face a world unlike what we have
experienced before. Companies that defined a brand sector no longer exist because others
recognized the new rate of change reality.
Think of what has become obsolete in your own lifetime. What are you doing to identify the
business crisis-risk indicators in your business?
Your plans will be tested in 2016. Will this be before a crisis or in a crisis?
PREDICT.PLAN.PERFORM.®
Next Steps
Do you want to know what will happen tomorrow?
Can you afford not to know?
Contact Firestorm to learn how to:
Participate in a Virtual Cyber Risk Exercise with
your team:
Page | 10
December 14th
Align your plans to best practices
Create your own Intelligence Network
Schedule CRISIS COACH® training
Attend any of our other webinars by registering here.
View previous Webinars on our YouTube Channel.
Download a Brief from previous sessions.
Page | 11
What’s Next? Download a Brief.
No-Fee Self-Assessment
Receive a no-fee, Self-Assessment & Expert Analysis ($2,500 value). Link: http://www.firestorm.com/engage-us/contact-firestorm
Contact Us
www.firestorm.com | (800) 321-2219 | 1000 Holcomb Woods Parkway Suite 130 Roswell, GA USA 30076