Lootok

Menu

What's new?

Lootok CEO to share a revolutionary approach to crisis and risk management at two industry events

See Sean Murphy speak at OSAC Crisis Management Forum and APTA’s Risk Management Seminar this August


Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.

The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.

Read Post

Press release: New leadership team paves the way for the future of Lootok

For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”

Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”

With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences.  Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”

2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution. 

New Lootok Leadership Team

Read Post

Join Lootok in Philly for RIMS 2017!

As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!

RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia

Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK

Lootok Rims 2017 Philadelphia cheesesteak
Join Lootok for some juicy sessions on Business Continuity!

 

Read Post

Risky business: the risk matrix

Risky business: the risk matrix

In my previous two posts, I explored better ways of capturing your key assets, threats, and vulnerabilities. Now, we will take these ingredients and plot them on a risk matrix.

First, download Lootok’s risk matrix.

The risk martrix
The risk matrix

The risk matrix provides a way to think about the probability and consequences of risks. Typically, risk is measured using two variables: impact and probability, which make up the axes of matrix.

Both of these variables should be specifically defined before using the risk matrix to plot your risks. The first variable, impact, is a measure of how harmed or disrupted your business would be if the risk occurred. Impacts can occur across different areas, such as finance, regulation, or reputation. Within each impact area, a risk can cause a low or high impact.

Read Post

Risky business: Attackers and Defenders™

Risky business: Attackers and Defenders

Welcome back. In my previous post, I presented the first of three activities that Lootok uses to complete risk assessments.

Our second activity, Attackers and Defenders™, identifies threats and vulnerabilities. Remember: threats, vulnerabilities, and assets are the ingredients for a risk. Without these three ingredients, there is no risk. In this post, I will show you how to use this activity to identify your specific threats and vulnerabilities.

At Lootok we love Attackers and Defenders™ because it engages everyone in the room. It is competitive. It involves role-playing. It forces you to think creatively about your business, and most importantly it is fun, which is not a word often used in the same sentence as risk assessments and business continuity!

The Attackers and Defenders™ activity creates an environment for structured dialogue around your organization’s threats and vulnerabilities. The key objective of this activity is to define the threats and vulnerabilities facing your key assets. The activity helps you determine realistic threats to your assets, and the vulnerabilities that allow those threats to cause a disruption. You will also be asked to reach an agreed upon prioritization of your risks, complete with evidence that can be used for reporting, planning, and investment.

Read Post

Risky business: Value Map™

Risky business: Value map

In my previous posts about risk, I discussed why we need to consider it, why we have difficulty assessing it, and how to be more objective.

Next, I will explore a number of the activities that Lootok developed to help measure risk at your organization. The first activity is Lootok’s Value Map™. The Value Map™ helps you identify and visualize your organization’s assets. If you recall from the first post, an asset is one of the ingredients of risk.

The Value Map™ is exactly what it sounds like: a giant map on the wall depicting the environment for which you wish to do a risk assessment. The map can be a campus, a country, the globe, an IT map, a factory, or blueprints—whatever environment you wish to measure risk.

Lootok Value Map
Lootok Value Map™

Read Post

Crisis management expert, Eric Dezenhall, kicks off the BCI Author Series

The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.

From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.

Seating limited to 50 seats. Register now!

Eric Dezenhall

Read Post

Risky business: Who cares about risk?

Risky business: Who cares about risk?

Welcome back to my series on risk and risk assessments. In my first post I discussed why it is hard to objectively assess risk, and I suggested ways to look at risk more objectively. If you missed it, check out post 1.

This post explores why we need to think about risk in the first place.

Risk is inherent to doing business, and there are only two strategies that organizations can employ when facing risk:

  1. You can accept your risk
  2. You can reduce or eliminate your risk

Read Post

Risky business: What is risk?

Risky business: What is risk?

Risk lurks in all facets of daily life. Luckily, many risks are small: like crossing against the light when there are no cars or trying the new, Ethiopian restaurant down the block. Other risks are high: like quitting your job and doubling down on a new start up. Through our experience working with global organizations, we’ve seen it all. 

In spite of the ubiquity of risks, we rarely analyze them objectively. We are all imperfect, and we rely on past experiences and our emotions to understand the world around us and guide our decision-making. On the one hand, it makes sense that we are wired this way— if we didn’t rely on experience and emotion, we’d have to consciously evaluate every single situation anew, and we’d become paralyzed. On the other hand, there is a downside to the efficiency of this wiring: it makes us awful at objectively estimating risk. For example, bad experiences cloud our ability to accurately measure the impact of risks, as well as their relevance. Other factors, such as media attention, immediacy, control, and choice (Psychologist Paul Slovic) work to further compound that lack of objectivity.

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Inspiring commitment over compliance: the elusive dream of all risk managers

Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?

Lootok Experience Model

This question led us down a path of evaluating the phenomena of experience. What makes an experience good or bad or great? Why do we love some brands and hate others? Why do we join some groups and not others? Why do we love that cash-only, poor-service, overpriced empanada spot in a run-down building on the Lower East Side, but we would be outraged with the same service and accommodations at another restaurant? Unlocking the answers to these questions begins with understanding your target audience.

  1. Who are they?
  2. What do they care about?
  3. What do they struggle with?
  4. Why should they care about your program?

While the Demand Model® evaluates the engagement level of an audience, the Experience Model™ gives us the tools to increase that demand.

Read Post

Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum in NYC

Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!

Thomson Reuters Conference NYC 2016

One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.

Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management

 

Read Post

Lootok presents at the DC Analysts’ Roundtable

Join me at the DC Analysts’ Roundtable on November 14th!  I will be presenting on Business Continuity & Crisis Management.

The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!

Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.

DC Analysts Roundtable 2016

 

Read Post

Lootok presented at Continuity Insights 2016

Last week, Lootok presented with Matt Jarm from Mars Inc. about supply chain resiliency at the New York Continuity Insights Conference.

In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program.  Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.

Learning objectives covered:

  • Common pitfalls (i.e. too fast, too big) of risk and resiliency supply chain rollouts.
  • The necessary methodologies, tools, and roadmaps to be successful in today’s complex, nonlinear, supply-chain environments.

Download full presentation

Supply Chain Resilincy Lootok Continuity Insights 2016
Download full presentation

Read Post

Lootok presents at the Enterprise Risk Management Summit

Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!

I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.

Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience

ERM conference 2016
We look forward to seeing you in Las Vegas!

Read Post

Risk Management’s Sweet Spot

Chris de Wolfe, global director of risk management at Mars Inc., shares his challenges of getting the global risk management program at Mars up and running.

“The CRM group had a lot to offer but was severely underutilized, which led to high insurance premiums, a high risk profile, and a significantly reduced resiliency and recovery capability,” Chris said.

Reflecting on how Mars as a business became a major success, de Wolfe decided that he needed to market and promote his own department in the same way. Partnering with Lootok, a risk management consultancy firm, he developed a strategy to engage with the employees in a fun yet educational way. He devised a 5- to 10-year plan, broken into 12- to 18-month strategies and individual project plans by mapping out all of the products and services that risk management offers. He conducted a perception survey and drew up a program based on the ABCs of risk management.

“The ABCs allowed people to understand that risk management not only provides insurance, but it also ensures that the business continues,” said de Wolfe.

Sean Murphy, CEO and founder of Lootok, said of de Wolfe:

“I’ve known Chris for 10 years and what differentiates him is that he treats his program as a business. He had a good program before but he wasn’t satisfied with it so he completely revamped it and is now reaping the benefits.”

Read full article

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Disaster Recovery for America interview on the Federal News Radio

I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy

Look forward to hearing your thoughts and comments!

Sean Murphy on Federal News Radio
Sean on Federal News Radio

Read Post

Shaking Up the Status Quo: Innovations in Risk Management

Chris de Wolf (Mars) and I got back together in April at the RIMS’16 conference for an overwhelmingly well-received session where we talked about transforming the risk function from a program to a business.

“Shaking up the Status Quo - Innovations in Risk Management” gave us the opportunity to tell the story of how we reinvented risk management - business continuity. Long story short: We were looking for a better way.

 

Read Post

Lootok lights up the RIMS’16 Go Beyond conference

Please join us at RIMS’ annual conference in San Diego, April 10-13, 2016.  Lootok’s CEO and President, Sean Murphy, will be speaking at three separate events. The schedule for his sessions is listed below.

You can also get a sneak peak of Sean’s session on “Five Essential Crisis Management Capabilities” live on Twitter through RIMS live tweet chat. Join the conversation by following and using #RIMS16Chat on March 9, 2016 at 2:00pm EST.

RIMS organization logo
RIMS’16 Go Beyond

Read Post

Fresh perspectives: biggest challenge in risk management – metrics

What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.

Read Post

Fresh perspectives: resiliency strategies

Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.

Read Post

Fresh perspectives: risk matrix

Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.

Read Post

Debunking myth #3: The risk matrix measures risk

The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.

When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.

Download The risk matrix measures risk, the third myth in Lootok’s series on the five myths of business continuity management (BCM)!

The risk matrix measures risk
Myth #3: The risk matrix measures risk

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Dr. Yossi Sheffi on crisis management

Dr. Yossi Sheffi, author of “Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage,” discusses two of his favorite crisis management case studies with Sean Murphy.

Read Post

In D.C.? Meet Lootok at the Mid-Atlantic Disaster Recovery Association

In Washington, D.C.? Lootok’s Sean Murphy will be presenting at the Mid-Atlantic Disaster Recovery Association (MADRA) on “Quick, creative ways to energize your business continuity management program” and “Command and Control: A framework for crisis management” on July 8 at 12 noon.  Here are the details.

Read Post

Business continuity and the Sony data breach

A massive data breach at Sony Pictures Entertainment, which experts believe was targeted by North Korea as retaliation for a film depicting the assassination of its leader Kim Jong Un, has led to an international incident that has gained the attention of business continuity professionals. Even large companies like Sony can sometimes put business continuity planning on the back burner.  BC professionals say that attacks like this can sometimes change their minds.

Read Post

Seven insights from superstorm Sandy: a financial sector retrospective

$18 billion dollars. That’s the number estimated in damages caused by Hurricane Sandy just in the state of New York alone. With the unexpected turns that transpired amidst the super storm, all businesses were reminded of the importance of business resiliency.

Given the vast amount of information presented to-date, it is still very important that the financial sector revisit the surprises from Sandy to ensure that critical financial services are better protected. A team of experienced BCM advisors gathered the recommendations in the accompanying table from industry thought leaders in leading global financial services companies to learn from their perspectives.

Read Post

The missing factor in your risk assessment: detectability

Dr. Yossi Sheffi explains the “detectability axis,” which considers threats you can only detect only after the fact. This concept challenges our conventional methods of measuring risk using probability and impact.

Read Post

Emergencies happen. Are you ready?

September marks the 10th annual National Preparedness Month – a nationwide, month-long effort sponsored by the Federal Emergency Management Agency (FEMA) to encourage everyone to prepare and plan for emergencies. Across the country, there are a host of free educational events focusing on topics such as CPR training, preparedness outreach, and family safety.

family safety
family safety

 

Read Post