Critical events not only disrupt business processes, but they can also put workers, customers and other stakeholders in physical and financial peril. Today’s threat landscape has never been more complicated. From severe weather and civil unrest to the ongoing pandemic, risk is more dynamic and multi-faceted in its effects than ever before.
That’s why it’s essential to not only have a plan for managing critical events, but also to regularly assess your organization’s level of preparedness. This includes a thorough review of your plan’s viability in light of all existing and emerging threats. Given the inherent difficulty of assessing one’s own ideas, how likely is it that most organizations are objective about their readiness for critical events?
The State of Risk Preparedness
As surprising as it may seem, the majority of organizations struggle to proactively manage the increasing scope and intensity of risk, according to a new commissioned study by Forrester Consulting on behalf of OnSolve. In August 2021, Forrester asked 469 decision-makers in risk, security and business continuity at midsize to large enterprises in North America and the U.K. to evaluate the current state of their risk management and critical event management strategy.
The results indicate expectations and plans are significantly out of alignment:
- More than half of respondents indicated their organization’s risk response is less than effective.
- Only 38 percent said becoming more proactive is a key goal of critical event management today.
- The majority indicated they expect to see over 100 percent improvement in the next 18 months.
- Only 17 percent have tapped an enterprise risk management (ERM) team to lead their critical event management (CEM) efforts.
- Just one percent distribute responsibility for critical event management across the entire organization, making holistic CEM harder.
Do these results feel uncomfortably familiar?
4 Key Competencies of Critical Event Management
The disconnect indicated in this research does not bode well for critical event outcomes. Fortunately, there’s a way to resolve it – by evaluating core CEM capabilities, organizations can vastly improve their response strategy.
To do so, a practical and actionable blueprint is necessary to balance the impact of risk with the cost of the technology and resources that will reduce it. Below are the components.
How does your organization stack up in each of these areas?
- Risk Intelligence: Do you have a means of obtaining timely, contextual and relevant information as critical events unfold?
- Critical Communications: Can you reach everyone immediately with targeted and timely updates about the scope, location and expected impact of an incident?
- Incident Management: Are you able to detect, record, assess and address the crisis and then promptly return to normal functions? Can you conduct a post-resolution review via an audit trail?
- Control Center-Level Visibility: Does your existing technology provide a big picture overview including real-time status changes for informed decision-making?
The Value of an Objective Assessment
Most likely, you’re unsure about at least one of the above four areas. To obtain accurate and detailed feedback, it’s vital to remove the bias associated with a self-review. This is where a structured, objective assessment will deliver the actionable data specific to your organization, including recommendations for improvement, such as investment in technology solutions. With these insights, you can begin to enact real change.
After determining the gaps in your strategy, it’s time to focus on mastering the core capabilities of CEM. Research demonstrates this process of continual improvement leads to better proactive awareness, responses and outcomes. Organizations with highly effective CEM capabilities are more likely to:
- Monitor both information security risk and overall business risk.
- Have an effective or optimized response to all manner of business risk.
- Feel confident in their firm’s ability to keep up with increasingly complicated risk management.
These aren’t the only benefits you’ll receive – organizational resilience goes hand in hand with the growth mindset that arises out of regular objective evaluations. Knowledge is power. Get a better grip on your organization’s level of preparedness by taking the OnSolve Risk Intelligence Assessment today.