117 industry professionals from more than 50 organizations came together at the end of February in Orlando for Everbridge’s first Critical Event Management Summit: Resilience. The theme of the meeting was elevating the value that security and business continuity groups provide to their stakeholders. Speakers and panelists came from a variety of customers, as well as expert industry analysts and consultants.
Here were some of the key messages and takeaways from Resilience.
Pathways to Elevating Value
Security and BC professionals can play an important role in both Value Preservation and Value Creation.
For Value Preservation, by aggregating threat data and analyzing it in the context of where company people, assets, suppliers, and responders are, they can anticipate major risks and speed response. For example, one speaker noted his company’s ability to confirm whether all of its people are safe within 30 minutes after a threatening event. Speed of response should be a KPI.
Marshalling a comprehensive view of risk data can shrink the “Mean Time to Know” and speed decision making. Panelists urged people to look broadly at what types of decisions they can impact: for example, adjusting plans to source raw materials or to secure inventory; risk analysis for where an organization can safely operate. Case examples from the auto industry demonstrated how averting reputational risks can have some of the biggest impact.
Ongoing deep understanding of the threat environment together with practiced plans of response can also enhance company differentiation and support growth. One panelist spoke of reflecting understanding of risks into proposals to win new business, another of the ability to gain competitive advantage by being able to safely operate where and when competitors can’t. This thread can be summed up by one quote that was used: The Brakes Are on the Car So You Can Go Faster.
Public-private coordination in managing major events like hurricanes also bestows benefits. Communications that do not send conflicting instructions and supporting resources for medical needs and evacuation make companies better partners with their local governments. This not only helps to protect residents but builds goodwill for the company as they navigate community relations.
A Call to Quantify
Sessions at Resilience focused on how to build the business case for an expanded security/BC role and also how to sort through priorities and allocate scarce resources. One speaker offered the following formula to guide quantification:
Risk = Threat x Vulnerability x Impact; meaning for each type of major threat estimate the likelihood it will occur, how vulnerable your organization is to that threat, and what would be the potential impact. Work with stakeholders from the groups that would be impacted within your company to estimate the impact so it a joint estimate not just your own.
Security and BC professional are often in the best position to understand what operational threats the organization faces and to speed initiation of response. And to sum up one speaker, People Who Have the Data are the Enablers.
Working with Other Stakeholders
A consistent theme during Resilience was that a broader organizational view to managing critical events is an imperative. Risks do not affect just one department, and you often cannot formulate the right response without a wider view. To get better and faster decisions, you need to connect the data analysis with the decision makers.
Panelists discussed techniques for working more organizationally wide. One spoke of doing exercises that demonstrate scenarios that require an integrated response. Another laid out how the GSOC started taking on tasks one-by-one for other parts of the organization and has evolved to become the communications hub for operational incidents company-wide. The GSOC began by performing communication tasks it was better able to do as a 24×7 operation.
Building Internal Support
Elevating security and BC’s role can often additional resources. Speakers provided advice on ways to build that support:
- Do independent assessments of capabilities and readiness. One company has leveraged outside vendors to capture metrics, and to measure progress over time from investments.
- Tell stories of how individual people and decisions were affected by better anticipating and more quickly responding to threats.
- Give tours of the GSOC. The onset or aftermath of a major event is a time when executive interest is often highest.
As Resilience’s first-day keynote speaker exhorted, operational risks can provide organizations that are well prepared to understand them and to act quickly an opportunity to create competitive advantage.