This article was originally published on Forbes.com on December 16, 2019
What keeps you up at night?
If you are an executive or an officer of a corporation or the leader of any large organization, the answer, sadly, equates to a growing number of things. Escalating threats from cybersecurity, violence, severe weather, and geopolitical unrest endanger things you care about, including your people, customers, facilities, supply chain, and brand.
Additionally, the increasing complexity of a mobile workforce and of an interconnected IT infrastructure compounds the challenge to protect your assets. While these problems might seem intractable, fortunately, emerging new technology and associated best practices can enable you to actively manage these threats and mitigate their impact.
Collectively called Critical Event Management (CEM), this digital approach represents an emerging and important set of standards that forward-looking CEOs and boards increasingly incorporate into how they govern operational risk from unplanned events. As an added benefit, use cases associated with CEM also deliver significant return on investment (ROI) through increased revenue and reduced costs.
In just the last year, independent security experts tracked nearly 980 million instances of total malware, a whopping 1,985 percent increase since 2010. The FBI reported the number of mass shootings spiked by an alarming 2,600 percent since 2000. We’ve also witnessed 432 percent growth in the number of terrorist incidents according to the Global Terrorism Database since 2000. Even Mother Nature seems up in arms: the number of significant natural disasters jumped from 515 in 2000 to 848 in 2018, a 65 percent increase, per a leading reinsurance company.
These risks come at a cost. Each year, critical events create economic losses of hundreds of billions of dollars according to Munich Re and others. The U.S. Department of Labor identified that workplace violence alone costs 1.2 million workdays every year. In another example, Gartner estimates the average cost of IT downtime at $300,000 per hour.
Macro changes add to the scope and complexity of containing the damage. With the adoption of Internet of Things (IoT), more than 75 billion devices are projected by IHS Inc. to be connected to the Internet by 2025, which dramatically increases potential vulnerabilities. Business travel and telecommuting combine to create a predominantly mobile workforce, making each company’s distributed population of employees even harder to account for and protect.
Chief executives experience more pressure than ever to not only be effective at generating returns for their investors but to also be vigilant custodians for their communities and their employees. When something goes wrong, public blame often points first to the corner office, so it’s understandable why C-suite officers and board members may be losing sleep.
Historically, most major companies have governance frameworks to assess static strategic risks. Increasingly, given the dynamic nature of today’s threat environment, business leaders require an additional operational risk framework that assesses readiness for unexpected events, from those that disrupt daily revenue generation or put people in jeopardy, to others that represent existential threats to brand and reputation.
What leaders really need to do is to get ahead of the problem. This doesn’t mean, of course, that we can stop a hurricane from raging ahead. But it does mean that we can anticipate its impact sooner, break down silos of information, and use automation, big data, and analytics to minimize the impact the disaster might have on our business or organization. As a result, we can re-route supply chains to ensure stock availability, divert travelers to protect life safety, call back available workers to operate stores or branches, restore IT operations more quickly, provide greater assistance to our communities in times of trouble, and the list goes on. The return on being proactive vastly outweighs the costs of any systems or planning required.
An emerging category of standards and related enabling software, CEM, deployed today by close to a third of the Fortune 250 and spreading rapidly, brings digital transformation to managing a business disruption. CEM delivers everything from advanced warning of potential problems to better coordination of risk intelligence and execution of recovery plans across command centers once an event happens.
How does CEM work? It aggregates risk data from multiple sources in real time, including intelligence gathered from the field and activity on social media; it determines how relevant the threats are to your organization and alerts appropriately; CEM initiates and tracks execution of response plans and procedures, informing all stakeholders; it analyzes performance so you can identify bottlenecks and improve results over time. The supporting CEM software builds in rules around standard operating procedures so organizations can meet compliance requirements, while providing decision makers with up-to-the-minute information in order to make necessary adjustments.
Most importantly, CEM systems enable organizations to reduce the time to act. More time creates more options, providing businesses with the situational awareness, automation, and therefore peace of mind to turn your response and management of a critical event from reactive to proactive, eliminating or mitigating the threat and impact to your people, business and brand.
“The return on being proactive vastly outweighs the costs of any systems or planning required…”
A few examples will illustrate how these new tools transform managing threats, going far above ordinary risk management to avoid pitfalls and open up new opportunities. During recent hurricanes, a major hotel chain more accurately and quickly identified which properties would be directly impacted by the potential of follow-on flooding. CEM allowed the organization to only close impacted properties and keep others open, proactively moving guests to properties that remained out of harm’s way while retaining revenues and improving guest satisfaction.
Similarly, a large biotechnology company that does business in more than 100 countries around the globe leveraged CEM technology in the week leading up to a major tropical storm. Because the platform enabled the company to observe possible threats in a streamlined, coherent way, its executives realized that their business depended heavily on one component, supplied by a single source located in Puerto Rico. Anticipating the disruption, the company accelerated an order for $3.5 million of material before the storm made landfall, thereby avoiding a shortage that would have otherwise risked hundreds of active clinical trials.
Other examples include a major oil services firm that determines within 15 minutes if any of its employees have been impacted by violent acts anywhere in the world, empowering the company to put in place procedures to operate safely in new geographies. A major manufacturer has eliminated downtime due to winter weather disruptions to their supply chain which was costing them $20,000 per minute. They proactively identify threats to planned shipments and reach out to suppliers to verify whether they can still ship, and if not, source from alternate suppliers or increase safety stock. A major restaurant chain has reduced its system downtime by 36 hours annually by decreasing the mean-time-to-resolution (MTTR) per incident by 85 percent, from 20 minutes down to 3 minutes, resulting in a savings of more than $3 million.
By constantly watching all of the threats that might affect the ongoing operations of a company, from its employees, customers and stores to its supply chains, and by taking action in real time whenever necessary, CEM delivers a significant ROI in multiple ways. First, CEM greatly reduces or can altogether eliminate the cost of downtime. Second, it improves the bottom line, enhancing revenue and lowering costs by enabling operations. Thirdly, CEM enhances workforce retention: employees who feel cared for and protected, even when they are away from the office, are more likely to stay with a company. And finally, it helps boost reputation, which is far more vulnerable in an era of social media where criticism can often be swift and merciless.
Unfortunately, there’s not much evidence that the threat environment will abate anytime soon. Thankfully, while risks are increasing, we continue to improve our ability to prepare, manage and contain them. Just as digitization connects more devices and brings to the forefront the ability to use analytics to improve operating performance with insight, it also enables us to become much more proactive in how we deal with the unexpected. That, at the very least, should help those of us who run companies or organizations to get a better night’s sleep.