Seven tips for cyber exercises

Cyber%201By Dominic Cockram

Cyber attacks will continue to threaten business operations in 2016, with many commentators claiming that this year we could see ‘the big one’.

Organisations are increasingly focused on understanding the impacts a cyber attack could have on their operations and reputation. Many are now using cyber scenarios in their crisis exercises to test and validate their assumptions on how they would respond and reflect on the unique challenges a cyber attack could bring.

The exercises range from fully immersive simulations, that develop and build competence and confidence, by allowing a realistic replication of the pressures, issues and uncertainty, to desktop sessions, that provide leadership teams and broader management the opportunity to familiarise themselves with the nuances of a cyber response such as the awkward language and reporting processes.

Having run a large number of cyber exercises over the last 18 months, I thought it would be useful to share some of the common lessons.

Continue reading

‘Strategic’ and ‘operational’ resilience – establishing more comfortable bedfellows

Untitled-1By Dominic Cockram

The more I hear of the current discourse on organisational resilience, the more uncomfortable I find myself feeling.

The concept has been around for a long time and was brought sharply into focus in 2014 by the British Standard, BS 65000: Guidance on Organisational Resilience. As one of the editors, I was party to vivid and lengthy discussions and much positive disagreement as we ranged around the topic of organisational resilience, what it meant and how best to set it out in a standard. In the end, what came out was a ‘Guidance’ and that was an excellent result. Resilience is a complex and many faceted concept and it would have been wrong to go too far in framing an approach at this stage.

Continue reading

Launch of BS 65000, The new British Standard for Organisational Resilience

The GuildhallThe new British Standard, Guidance on Organisational Resilience (BS 65000: 2014) was launched on 27th November at the Guildhall in the City of London. The venue was an apt choice for the launch of a resilience Standard; built in the 15th century, the Guildhall is one of the older secular buildings in London not only surviving both the Great Fire and the blitz but also remaining relevant today as the high-tech home of the City of London Corporation and the setting for many banquets, receptions and corporate events.  This history of the Guildhall struck me as having parallels with the essence of organisational resilience described by Chairman of the BS 65000 committee, Dr Robert MacFarlane from the UK Cabinet Office. He emphasised that resilience is a dynamic concept requiring organisations not only to be able to continue with their business operations during a sudden change or disruption but also to adapt over time to keep pace with changes in their wider context in order to survive and prosper. It seems the Guildhall has managed this. Continue reading

Key Themes from the Crisis Management Conference 2014

IMG_0580Last month, we were delighted to welcome a capacity audience of international delegates to the Crisis Management Conference (CMC) 2014 in London.

The day had an auspicious start with the official launch of the new British Standard in Crisis Management, BS 11200 by the UK Cabinet Office and the British Standards Institution.  BS 11200 is the successor to PAS 200 and marks a significant point in crisis management as it codifies accumulated best practice into top-level guidance for organisations looking to implement a crisis management capability.

Continue reading

The Crisis Management Conference 2014; Planning for Prosperity with a Coherent Crisis Management Capability

CMC2014 logo.jpgThe 2014 Crisis Management Conference (CMC 2014) will take place in London on Thursday 18th September. Delegates will be given a unique opportunity to hear speakers from the BBC, Network Rail, John Lewis, UBS, O2, UK Cabinet Office and the University of Liverpool discuss their first-hand experiences in preparing, responding and communicating in crisis. Click here to see the full programme.

Crisis management was long associated with failure and a desire to “keep covert” any crisis plans and preparations. Today, however, it is a topic of success, heralding responsible guardianship for the future well-being of an organisation’s people, performance, assets and reputation. It signals excellence in governance and leadership and is seen as an integral part of an organisation’s resilience, enabling it to thrive, survive and seize opportunity. Continue reading

When the Heat is On – Social Media Fails

twitterbirdThe advent of social media has radically altered the context in which the reputation of an organisation is managed. Social media can be friend and foe. On the one hand, social media platforms are immensely powerful channels to reach stakeholders with your planned message but on the other, the same characteristics that enable this, namely speed of communication, prevalence and pervasiveness, can also precipitate and catapult an organisation into crisis.

The way that events transpire online and, more specifically, on social media platforms are now intimately linked to how organisations fare once times get tough. With 72% of all Internet users active on social media and over 500 million users on Twitter alone businesses can no longer afford to endure the potential for either reputational or financial damages that come hand in hand with todays social media crisis if poorly managed.

So, in the spirit of learning from the mistakes of others, we outline three top social media crises of last year and examine the lessons we can learn from them.

Continue reading

Crisis Management Planning 101: Learning from Asiana’s Mistakes

By Isobel Nicholas

South Korea’s Asiana Airlines was roundly criticised in the aftermath of its response to the crash of Flight 214 on Sunday 6th July 2013 at San Francisco airport, inflicting severe damage to its reputation.  The criticism largely stems from its silence in the hours after the crash and the lack of information made available to support victims of the crash and their families as they struggled to find out what had happened and whether their loved ones were involved.

Here we review what happened and look at what lessons in crisis management planning and crisis communications can be learned. Continue reading

Crisis Management in 360 degrees

By Dominic Cockram

For any Crisis Management Team to be effective, it needs a clear and shared understanding of what’s already happened, what’s happening now, and a vision of how the future might play out. This situational awareness is fundamental to managing a crisis — indeed it is the first stage in our ‘6 Steps to Controlling a Crisis’ (read the blog post here). It may seem basic, but there are too many cautionary tales of executives who had little or no idea of exactly what was going on as they tried to make critical decisions for anyone to consider it an ‘easy’ task.

Continue reading

Where next for organisational resilience?

By Dominic Cockram

Yesterday we gave a presentation at the BCM World conference entitled ‘‘Culture, Behaviour and Disciplines: Mapping the Needs for a Resilient Organisation” – Thanks to all who made it a great discussion about what creates resilience and how it can be benchmarked and mapped in a useful way.

It was excellent to gain feedback from business continuity practitioners – a (healthily) cynical and well-informed audience if ever there was one!

The key conclusions drawn from our presentation and the subsequent debate were: Continue reading

What makes a crisis ‘a crisis’?

By Dominic Cockram

The origins, causes and kinds of crises are many and varied, but all true crises share certain key features. The mix may change from incident to incident, but in any proportion they combine to create a complex, extremely sensitive and high-risk situation that demands extraordinary management.

An incident becomes a crisis to the organisation if it imposes:

  • An environment of unpredictability and surprise
  • A threat that is both dynamic and volatile
  • Disruption to normal ‘boundaries’
  • Stresses to established lines of accountability
  • Extreme complexity
  • Abnormal urgency and intense pressure on people and systems
  • Media scrutiny

Continue reading