Never just wait for something to happen, plan for it

There are always lessons to be learnt for resilience from security incidents - no matter how grave.

Crises Control partners Resilience First recently held a breakfast meeting, under Chatham House rules, with industry experts speaking openly and honestly about their own experiences. They underlined a number of verities that stand the test of time: -

  • Risk mind-sets must change; attacks might be unforeseen and unprecedented but not unimaginable. Think beyond the predictable.
  • There is no substitute for exercise. Use these to identify your weaknesses.
  • No one individual has all the skills and qualities that a response team needs. Personalities are different and may need differing assets to be successful when tested.
  • Trust your team. Executives will need information and guidance to make decisions in evolving situations. Trust is only built up over time, from exercises and action during live events.
  • All levels of management must have trust in each other so that escalation and de-escalation of response can be both effective and timely and not jeopardised by the approachable individuals.
  • All communications are dependent upon “knowing the truth, and why it is true”. In this modern age “No Comment” is no longer acceptable. Something must be said even if it is that you are looking into the matter.
  • Never just wait for something to happen. Plan for it to happen and be proactive, putting in place the processes, governance, skills and systems for the organization to respond.

The commercial world is littered with major organizations that have failed to prepare and take the necessary investment steps - the NHS, Talk Talk, Google, Tesco Bank, the House of Commons. The list is rich in organizations whose vulnerability was tested and found wanting. The belief that “it happens to other people and companies - not me or ours” has been proved to be a lie. Yet, surprisingly it still prevails.

Bottom line impact may well be the excuse for lack of investment in preventative measures and all departments including “Resilience and Continuity” live to a budget. Yet there is no need to reinvent the wheel at considerable cost– there are specialist organizations that can help. Crises Control is a scalable communications tool that enhances business continuity, resilience and recovery processes. A multi-award-winning leader within the field, Crises Control aids the containment of potentially catastrophic events as well as day-to-day incidents.

Richard Barnes