1000 Holcomb Woods Parkway | Suite 130 | Roswell, GA 30076 | 770-643-1114 | Fax: 1-800-418-9088

www.firestorm.com

Firestorm Insights December 2015

Critical Decision Support – The Year in Review

Page Intentionally Left Blank

Page | 3

Critical Decision Support – The Year in Review

December 2015

This brief is based on the webinar “Critical Decision Support – The Year in Review” presented by Harry Rhulen, Firestorm CEO and Co-Founder.

Communication Breakdown (It’s always the same)

Last time we discussed lessons learned from bad things happening… Today, we focus on the Year in Review and Critical Decision Support. So what do you do?

Where do you start?

PREDICT.PLAN.PERFORM.® – When a problem surfaces, most jump right to ‘PERFORM,’ skipping

the first two steps. By doing so, you run the risk that you have not fully analyzed the

vulnerabilities and exposures created by that problem.

Page | 4

Crises Are More Common Than You Think

A recent survey by Dawson Associates looking at New York State businesses found that 64% of these

businesses had called 911 during the

year. Of these, several had called

multiple times, with two calling over 100

times each.

Imagine if your business had to call 911

twice a week. The reasons for the calls?

52% were medically-related; 24% were

for crime and violence; 17% were for

fires and 7% were for hazardous

materials.

Lesson One

Crises are more common than you think

Many times people think about natural disasters wild fires, hurricanes, floods, earthquakes, tornados

and more. These certainly count, if they strike your business. We experienced our share of these events

again this year. People and businesses were surprised again by these events. The Red Cross states there

are over 70,000 disasters annually in America. The majority are fires. There are thousands of workplace

accidents annually.

Disasters can impact your business even if they do not

directly strike you. The most common failure in a

disaster is supply chain failure. Who are your critical

suppliers? Are they prepared? How do you know? Are

you sure? What metrics did you use when you reviewed

their plans? When was your company’s last

vulnerability/threat analysis?

Lesson Two

Most companies are not ready

The same Dawson survey found 85% of the companies

did have a plan and 90% of those with a plan updated it

at least annually.

Firestorm has found that these plans, at best, tell people

‘what to do,’ but not ‘how to do it.’ Any confusion in a

crisis proves deadly. 30% of the companies surveyed had

Page | 5

never held a drill or exercise and 26% held just one basic drill a year. While 50% did a threat assessment,

only 35% did a Business Impact Assessment (BIA) to identify financial and operational impacts.

Emergency supplies were not considered until too late. Do you have an independent third party test

your plans?

Violence is Ever Present

Lesson Three

Violence is ever present and growing

OSHA states that there are over 2 million episodes of workplace violence annually in America. Just

watch the news tonight to see the latest story.

Parents, students and teachers see shootings in schools as an ever present reality. Daily, there are

dozens of stories of guns in schools that bring this new reality home.

Homegrown terrorism remains a top concern with the lone-believer striking in the name of a cause.

Do you have a program to identify behaviors of concern before they escalate into violence?

Page | 6

Lesson Four

Civil unrest is alive and well

Racism is a reality and an issue across

America. Whether Ferguson, Baltimore

or your town, we see racism being the

spark to bring groups into the streets.

‘Black lives matter’ is heard as a call to

action.

The presidents of two universities were

forced to resign over their responses to

racism. Civil unrest begins as a response

to acts of discrimination. The response

grows into violence, economic disruption

and more disorder. All sides of the

underlying issues use the resulting violence as proof for their actions and beliefs.

Ignoring the underlying causes or using them as reasons for violence assures racism will continue to

impact our lives. Remember ‘Occupy Wall Street’? It looks tame now. Do you have a plan for civil

unrest?

Lesson Five

Employee actions can destroy a brand

This year we have seen a franchise brand, Subway, tarnished by a spokesperson’s scandal and

criminal actions. Volkswagen engineers rigged computers to improve emissions results.

Firestorm responds several times a week to crises nationally. We find that employees make

decisions that management would never expect. There is minimal management oversight.

Page | 7

Unfortunately, these employees did exactly the wrong thing at the wrong time and in the wrong

way. We hear “no one would ever do ________ (insert statement here).”

Unfortunately, yes they would and have done so. Many companies will be defined by these

actions for years to come, if they can even survive. The new ISO standard for quality now

includes risk. Have you conducted a business crisis-risk audit?

Lesson Six

Speed is quality

We live in an instant world. Digital communications and smart phones make everyone a photo journalist

with the ability to reach millions instantly. Whatever is happening to your company, someone is sharing

the story and pictures. Your every action, response and words have the ability to become a part of the

public conversation immediately. You take years to build your business, and can see it destroyed in 140

characters.

Historically, we used to have binders to store business continuity plans. Then and today, they gather

dust on a shelf. They are not available as employees evacuate a building. Plans on networks become

unavailable at critical moments. Today, if your plans are not on your employees’ smart phones, you

don’t have actionable plans. When was the last time you trained your employees on your plans?

Lesson Seven

Cyber Risk impacts everyone – even if you don’t know it

A cyber breach is a business problem, not an IT problem. Criminals attack organizations daily.

Tens of millions of us see our personal information stolen by criminals. These criminals are both individuals and hostile governments. The FBI states that all businesses have been breached.

It is so common that most consumers don’t take response actions when informed that their data has been stolen.

Ted Kopple’s new book identifies a cyber-attack bringing down the grid. His interviews with numerous Homeland Security leaders indicate that the risk is real and expected. Have you identified what your company will do without energy for weeks?

Page | 8

Cyber risk is not an IT issue, it is a business

issue. Lesson Eight Insurance remains a part of the solution

New coverages like cyber breach response, crisis management, sexual molestation, deadly weapons and brand and reputation coverages have emerged to assist companies at risk.

These policies provide critical decision support and response capabilities in the face of expanding exposures. Not all policies are the same. Insurance is not a one size fits all solution.

A recent review of a company’s cyber insurance policy identified that it would not cover the very exposures identified by the test exercise that was conducted. Do you include insurance triggers in your test exercises to see how or even if your insurance responds?

Lesson Nine

Crises are predictable – Design a Predictive Intelligence

Network

Your geographic location is a

factor in many of the natural

disasters you face. There are clear

indicators of behaviors of concern

that provide warning signs before

the violence occurs.

Creating a predictive intelligence

network identifies communications regarding

potential violence. Today, 80% of the time, if a

person has violent intent, someone else

knows; 67% of the time, two or more people

know. When people know they talk. Today,

people talk on social media. Many product

problems leading to recalls are first seen on

social media.

Page | 9

Most cyber breaches are identified first by comments seen on social media. One of the top five

failures in a disaster or crisis is the failure to monitor all threats and risk identified. How do you

monitor your identified risks?

Lesson Ten

The biggest crisis risk factor - The rate of change

We live in an instant world that is constantly changing. The rate of change is disruptive to “business

as usual.” A crisis is business as unusual. What we did last time won’t work this time.

The only real constant is the rate of change we are experiencing in every aspect of our businesses.

As the internet of things joins the rush to the cloud, we face a world unlike what we have

experienced before. Companies that defined a brand sector no longer exist because others

recognized the new rate of change reality.

Think of what has become obsolete in your own lifetime. What are you doing to identify the

business crisis-risk indicators in your business?

Your plans will be tested in 2016. Will this be before a crisis or in a crisis?

PREDICT.PLAN.PERFORM.®

Next Steps

Do you want to know what will happen tomorrow?

Can you afford not to know?

Contact Firestorm to learn how to:

Participate in a Virtual Cyber Risk Exercise with

your team:

Page | 10

December 14th

Align your plans to best practices

Create your own Intelligence Network

Schedule CRISIS COACH® training

Attend any of our other webinars by registering here.

View previous Webinars on our YouTube Channel.

Download a Brief from previous sessions.

Page | 11

What’s Next? Download a Brief.

No-Fee Self-Assessment

Receive a no-fee, Self-Assessment & Expert Analysis ($2,500 value). Link: http://www.firestorm.com/engage-us/contact-firestorm

Contact Us

www.firestorm.com | (800) 321-2219 | 1000 Holcomb Woods Parkway Suite 130 Roswell, GA USA 30076