Written by Brad Law, New Zealand Country Manager.
On the 30th of October, New Zealand was again rocked by a 6.2 earthquake south-west of Taumaranui. This is nothing unusual for a Cantabrian, but my hotel in Wellington swaying and rolling certainly caused some beads of sweat.
A few hours later after my first meeting of the day, a contact calls me up to give an update on his two-year Crisis Management journey.
“Brad, she finally gave me a meeting. Looks like we’re moving ahead with this” he said.
Referring to his CEO, this contact had spent the better part of two years simply trying to get sign off on a company-wide, online Crisis Management Solution. It was a 6.2 earthquake only 200kms away that finally initiated interest.
I guarantee I’m not the only one who had this conversation on the 30th. In fact, you can see a genuine spike in password updates and McAfee/SAP subscriptions after a major cyber-attack like the WannaCry Ransomware attack in May 2017.
We shouldn’t be using an event as an excuse to investigate business disruption programs, but it can take a significant event to stimulate interest, that unfortunately will never change.
If by chance your CEO didn’t arrange a meeting after the 30th October’s earthquake, did you take it upon yourself to arrange one anyway? Although I don’t recommend waiting until an event, it is a perfect time to revisit the programs you want to implement and encourage interest to the next level.
The trap to avoid is when your executive team is only inspired to act post-event. RiskLogic often sees organisations doing three things:
1. Leaving their crisis team in the docks until it’s too late,
2. assuming if we’re in a crisis it’s too late,
3. failing to over-escalate followed by rapid de-escalation during an event.
The proven way around this is through training & exercising. Get your response team in a safe environment, practice the steps and prove your point around the importance of preparedness.
During the meeting
My contact finally got the call and was ready; she’d been waiting for this moment for a long time. We had discussed six months ago that the best way to make this meeting count was to essentially go in with a prepared proposal.
During the period where you’re not getting the call-up, you should be arranging all of that. Your job is to do this in-between events and ensure it’s seamless for when it needs reviewing and actioning. I know how hard it is to generate interest in this subject, but as resilience specialist, it’s our job to highlight the risks, all the time, not just post event to the leadership team.
Make it so straightforward, it’s impossible not to move forward on it.
There are other threats outside of EQs
Yes, believe it or not, New Zealand has other major crisis events that occur all of the time. The most common being cyber-attacks. They are silent killers for organisations and often go unnoticed until it’s far too late.
“…amazingly Brad, she didn’t want to talk about just earthquake plans. She was interested in whether insurance covers everything inline with a BC plan” my contact continued on our call.
If you’re subjected to a major cyber attack and fail to have plans in place, it’s highly unlikely your insurance provider will pay out for your lack of preparation. Even with something we can’t help, like natural disasters, insurance providers may fail to compensate you in the future. As I have mentioned in a previous article the insurance landscape is changing.
If you can get the chance of that meeting with your CEO, make it count, they don’t come around too often. Highlight the risks to them now, not post event, take action and get prepared.
Until next time, plan, do, check & act…