While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.
Here’s a quick exercise to highlight the point:
Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.
Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.
The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.
“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”
- Ernest Hemingway, The Sun Also Rises
I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.
The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…
Sharing a few thoughts on cyber security…
I was on the phone last week with a data visualization expert and author discussing visualization problem solving—basically, how to solve problems or at least understand problems with pictures (i.e., drawing pictures). He asked a question about cyber security: “Why is a cyber threat so scary? Isn’t it just another threat?” He was right… in part—cyber is another threat, just like infectious disease, civil unrest, flood, power outage, fire, war, or accident. While we use common frameworks and capabilities for threats such as command and control, situation awareness, threat intelligence, common operating picture, common ground, and so forth, each threat has unique characteristics we need to consider. Why is cyber security on the top of every executive’s mind? It comes down to six (6) characteristics of a cyber threat:
There’s a mnemonic for these six (6) characteristics: “is wild.”
The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.
When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.
Download The risk matrix measures risk, the third myth in Lootok’s series on the five myths of business continuity management (BCM)!
The retail sector faces risk challenges ranging from cyber security threats to active shooter incidents. These threats, coupled with advances in new technologies, social media and public perceptions of risk have required the retail sector to reevaluate the resiliency of their business.
Written by Lootok’s Sweta Chakraborty and Iris Chung.
When it comes to managing risk, one oft-overlooked aspect is risk perception, or how we perceive a threat. What we believe or do not believe about risks has an enormous effect on how well we prepare ourselves for them, and the action we take when they occur. What factors into our fears, and how do they impact our decision-making?
Dr. Yossi Sheffi explains the “detectability axis,” which considers threats you can only detect only after the fact. This concept challenges our conventional methods of measuring risk using probability and impact.
Why all the ruckus about naming a winter storm? Sometimes, the intention behind the names is to draw the public’s attention to severe weather. While winter storms may not have as large of an impact as hurricanes, they can often be erratic; for example, dumping snow in one area while leaving nothing more than rain or fog in another. Now, it’s becoming clear that superstorms have hype cycles of their own.
When it comes to risk perception, we are notoriously prone to misconceptions. Whether fearing planes over bikes or elevators over stairs, we have a tendency to misjudge just how dangerous certain situations are.