There's not a company worth its salt that hasn’t, at least, given some consideration to crisis planning. Most of our crisis planning is based upon basic risk management strategies. Come up with a bunch of potential scenarios, apply some analysis to get a handle on likelihood and impact, and then come up with mitigation and management strategies.
You might even go as far as detailed scenario planning and carrying put practice exercise. For many of us, this can include things such as red/blue teams or corporate exercises.
But what happens when a tour business is faced with the completely unexpected disaster. Something that seemed so fantastic as to be impossible? For example, consider the devastation that was wracked by Hurricane Katrina in 2005 or the earthquakes that destroyed Christchurch in February 2011. Are there lessons that we can learn from those events?
What sets these sorts of events aside from other disasters isn't their severity – it's that they are unprecedented. For example, parts of Australia suffer from fires and floods regularly. Although these events are tragic and severe, we have lots of experience dealing with them. So, we have reasonably well understood processes and authorities for dealing with those incidents. But those other incidents are both large and completely unexpected so the established methods for dealing with crises break down.
James E. Beakley, the Director Project White Horse 084640 Research at Haines Security Solutions, points out that communication is key. In a recent presentation at the ISC West Convention in Las Vegas, he cited the example of the recent disappearance of Malaysian Airline Flight MH370.
"They revealed that they were 700 miles off where they ought to be. Why was that? The people that were working the aerodynamics and fuel consumption weren't talking to the people who were working the satellites".
The lesson – make sure that communication channels between key personnel are open. Often, traditional incident management revolves around assigning an incident manager who coordinate everything. When protocols are well understood this can work but in an unconventional crisis, knowing what information is critical and getting the right people to communicate is harder as you'll be dealing with many unknowns.
"The situations are such that when you look at what you see, you don’t get the feedback you need to make the right decisions," said Beakley.
He equates it to starting the process after having been "hit in the back of the head with a shovel". You're starting the recovery process from a position of extreme uncertainty.
In these situations, it might be tempting to go to your standard disaster process in such a process but Beakley says that taking these actions, when there are many more unknown factors than known factors, may actually exacerbate the issues.
Engaging in exercises where extreme events are played out can be a worthwhile activity. The most important thing that companies should take away from this practise is what they learn from their failures. It also helps them, in Beakley's view, to stop doing what they know to do and look for what they actually need to do.
"It's not about doing what you know, but knowing what to do," he said.
A further key element in successfully responding to an unconventional crisis is getting the right people in charge. Citing the example of what happens with the military in forward zones, Beakley said that sometimes, higher ranking officers need to delegate authority to the people on the front line and, at times, take direction for those with either better information or greater expertise.
Beakley emphasised the importance of doing the most you can to stay ahead of problems by being vigilant and prepared. It is unusual, even during an unconventional crisis, for an incident to escalate without any warning. It's important to listen to experts and deploy resources before a situation gets out of control. It's better to establish a response team and deploy resources prematurely and not use them, rather than be too cautious in deploying resources. The writer attended ISC West without any vendor sponsorship.
This article is brought to you by Enex TestLab, content directors for CSO Australia.