Seven tips for cyber exercises

Cyber%201By Dominic Cockram

Cyber attacks will continue to threaten business operations in 2016, with many commentators claiming that this year we could see ‘the big one’.

Organisations are increasingly focused on understanding the impacts a cyber attack could have on their operations and reputation. Many are now using cyber scenarios in their crisis exercises to test and validate their assumptions on how they would respond and reflect on the unique challenges a cyber attack could bring.

The exercises range from fully immersive simulations, that develop and build competence and confidence, by allowing a realistic replication of the pressures, issues and uncertainty, to desktop sessions, that provide leadership teams and broader management the opportunity to familiarise themselves with the nuances of a cyber response such as the awkward language and reporting processes.

Having run a large number of cyber exercises over the last 18 months, I thought it would be useful to share some of the common lessons.

Continue reading

Volkswagen: a long road to recovery

By Dominic Cockram

220px-Volkswagen_logo_2012.svgIt has certainly been a busy few days for the VW crisis management team. If they had a mature and practiced crisis preparedness capability in place then hopefully they will have been hard at work for some time now. Suggestions are that others did have some foresight that all was not well in the industry from the roadside test reports, so there may have been some early work going on.

But, in facing this potentially overwhelming corporate crisis, how should VW set about managing the crisis, identifying their priorities and ensuring their reputation recovery? Continue reading

Getting ahead in the reputation game

Reputation Management Concept on the Cogwheels.Reputation and the importance of a good reputation is well understood; for businesses reputation is a vital and valuable commercial asset, albeit intangible. But how do organisations actively protect their reputation and manage the risks to it being damaged?

That is a harder question to answer. The 2014 Forbes Insights Survey found that 39 per cent of companies surveyed rated the maturity of their reputation risk programmes as “average” or “below average,” and only 19 per cent gave themselves an “A” grade for their capabilities at managing reputation risk. Clearly there is still much to be done – but what? In this blog, I offer some ideas for consideration and debate.

Influencers of corporate reputation 

External perceptions of quality, transparency and trust are key influencers of corporate reputation, as found by research published in the Edelman Trust Barometer (an annual survey of more than 5,000 informed publics in 23 countries), the Fortune 500 listing of the world’s most admired companies and the Reputation Institute. But herein lie the first two problems for reputation risk management.  Reputation is an intangible asset and its gift is in the hands of your stakeholders; both factors make it harder to gauge. Continue reading

Joining the crisis dots – How simulation exercising can create a culture of crisis sensitivity

By Dominic Cockram

As a crisis dotscrisis management professional, I have worked with many different crisis teams over the years. What has become apparent is that, in the majority of cases, those conducting the operational response to a crisis (and by that I mean at both the bronze/operational and silver/tactical levels) have little understanding of the strategic drivers, priorities and concerns, and potential challenges of the executive or ‘gold’ level.

This lack of understanding can fail to give those protecting the organisation’s license to operate what they really need to fulfil their role. Resulting in delayed escalation, incorrect assumptions and the transmission of skewed information to the top. Continue reading

Launch of BS 65000, The new British Standard for Organisational Resilience

The GuildhallThe new British Standard, Guidance on Organisational Resilience (BS 65000: 2014) was launched on 27th November at the Guildhall in the City of London. The venue was an apt choice for the launch of a resilience Standard; built in the 15th century, the Guildhall is one of the older secular buildings in London not only surviving both the Great Fire and the blitz but also remaining relevant today as the high-tech home of the City of London Corporation and the setting for many banquets, receptions and corporate events.  This history of the Guildhall struck me as having parallels with the essence of organisational resilience described by Chairman of the BS 65000 committee, Dr Robert MacFarlane from the UK Cabinet Office. He emphasised that resilience is a dynamic concept requiring organisations not only to be able to continue with their business operations during a sudden change or disruption but also to adapt over time to keep pace with changes in their wider context in order to survive and prosper. It seems the Guildhall has managed this. Continue reading

Key Themes from the Crisis Management Conference 2014

IMG_0580Last month, we were delighted to welcome a capacity audience of international delegates to the Crisis Management Conference (CMC) 2014 in London.

The day had an auspicious start with the official launch of the new British Standard in Crisis Management, BS 11200 by the UK Cabinet Office and the British Standards Institution.  BS 11200 is the successor to PAS 200 and marks a significant point in crisis management as it codifies accumulated best practice into top-level guidance for organisations looking to implement a crisis management capability.

Continue reading

Launch of BS 11200 – the new British Standard for Crisis Management

bs11200In May this year, the Cabinet Office and BSI published BS 11200 – the new British Standard for Crisis Management – Guidance and Good Practice.  Its official launch will be on 18th September in London.

Many would say the new Standard is long overdue; others that crisis management is already covered by ISO 22301, the International Standard for Business Continuity Management Systems.  However, whatever your view, no one can demur from the fact that BS 11200 covers the subject in far more depth and detail than any other Standard hitherto.

Continue reading

The Crisis Management Conference 2014; Planning for Prosperity with a Coherent Crisis Management Capability

CMC2014 logo.jpgThe 2014 Crisis Management Conference (CMC 2014) will take place in London on Thursday 18th September. Delegates will be given a unique opportunity to hear speakers from the BBC, Network Rail, John Lewis, UBS, O2, UK Cabinet Office and the University of Liverpool discuss their first-hand experiences in preparing, responding and communicating in crisis. Click here to see the full programme.

Crisis management was long associated with failure and a desire to “keep covert” any crisis plans and preparations. Today, however, it is a topic of success, heralding responsible guardianship for the future well-being of an organisation’s people, performance, assets and reputation. It signals excellence in governance and leadership and is seen as an integral part of an organisation’s resilience, enabling it to thrive, survive and seize opportunity. Continue reading

GM Recall: History Need Not Repeat Itself

toyotaGMlogoAs the US Department of Justice (DoJ) concludes a 4-year, billion dollar investigation into Toyota, Mary Barra, recently appointed CEO of General Motors (GM), has stepped into the firing line.

While Toyota is set to pay out a staggering $1.2Bn fine to the DoJ for covering-up fatal mechanical defects that caused their cars to ‘unintentionally accelerate’, GM recently announced a recall of 2.6 million cars with defects linked to 13 deaths. Their own cover-up began back in 2001.

The original intention of this post was a comparison of GM’s crisis leadership with that of Toyota’s during their damaging 2009 recall. However, with Toyota facing the largest criminal penalty ever levied against a car manufacturer, substantial recalls being announced almost daily (over 11 million vehicles so far this year) and GM being fined the maximum daily amount by the US National Highway Traffic Safety Administration, it has become clear that this is a much larger issue for the automotive industry as a whole.

Continue reading

Situational Awareness – supporting the CEO’s critical decision-making in a crisis

By Dominic Cockram

Situational awarenessThis blog is the second in a series that looks at the challenges of managing information in a crisis and how to ensure the top team gets the information it needs. The first looked at “Managing the Upward Flow of Information in a Crisis – What Matters Most?” Here managing information to build situational awareness is under the spotlight – how to pull together that cohesive and informative picture that gives the boss just what he needs and no more.

It is a fact that almost all crisis teams find information management one of the greatest challenges in responding to an incident. Why does this matter? It matters because effective information management is the bedrock that allows the critical decision-making by the strategic crisis management team that will lead an organisation out of a crisis.

Continue reading