2015: Lessons learned, part III

ManageRisk diceIn part one and part two of this series, we explored how you can prepare your organization for future disasters. Lessons were drawn from a recent MIR3 webinar, 2015: A Year of Crisis and Communication; in this final post in the series, we’ll look at our last four lessons.

Lesson Nine: Insurance is part of the solution

If you look hard enough, you can now find insurance policies that cover cyber-breach response, crisis management, sexual molestation, deadly weapons, brand impact and other modern threats. Good coverage will provide critical support and response in the face of exposure.


Be sure to include insurance triggers in your test exercises to see how—or even if—your insurance company responds. Talk to your agent and make sure that all possible threatening scenarios are covered by your plan.

Lesson Ten: Crises have warning signs

We all know that natural disasters can be more or less prevalent depending on the season or on factors such as geography—so we take steps to be prepared during particular times of the year, or because a facility is located close to a fault line.

There are also behavior indicators that provide warning signs before violence occurs. If a person has violent intent, someone else is likely to know—this is true in 80% of investigated cases of workplace violence.


It makes sense to use predictive intelligence by using tools to track customer behavior and understand customer preferences. You can then apply that knowledge to the places where conversations most visibly happen in today’s society—social media platforms like Facebook and Twitter. (Interestingly, problems with a product that eventually lead to recalls are often first seen on social media; many cyber-breaches are identified the same way.) Failure to monitor threats and identify risk can be devastating in a crisis situation; you should consider using any and all ways to monitor risks ahead of time.

Lesson Eleven: What worked then, won’t work now

The rate of change is accelerating, disrupting business as usual and creating new risks all the time. For example, with the rush to the cloud, we face a world unlike anything we have experienced before—it used to take a fire or flood to compromise a company’s data. Now that can happen in a blink of an eye because of the actions of single person a world away.


Consider what has become obsolete in your own lifetime and project the same obsolescence into the future. Factor this risk into your business continuity strategies.

Lesson Twelve: The idea of data privacy is changing

Data privacy laws are changing before our eyes, with one recent example being the 2015 invalidation of Safe Harbor laws for the European Union. More stringent regulations are in place, and each country is establishing its own regulations. This opens the door to increased risk.


Your vendors need a strategy to use in place of Safe Harbor certification. What impact does this have on your own security regulations—and how will you ensure that your collection of contact information meets EU laws?

Summing up

Risk is growing, and your organization must grow and adapt to be prepared. By looking back, you can plan for the future. If you haven’t yet already, we invited you to read part one and part two of this series.