Lootok

Menu

What's new?

Press release: New leadership team paves the way for the future of Lootok

For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”

Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”

With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences.  Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”

2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution. 

New Lootok Leadership Team

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Inspiring commitment over compliance: the elusive dream of all risk managers

Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?

Lootok Experience Model

This question led us down a path of evaluating the phenomena of experience. What makes an experience good or bad or great? Why do we love some brands and hate others? Why do we join some groups and not others? Why do we love that cash-only, poor-service, overpriced empanada spot in a run-down building on the Lower East Side, but we would be outraged with the same service and accommodations at another restaurant? Unlocking the answers to these questions begins with understanding your target audience.

  1. Who are they?
  2. What do they care about?
  3. What do they struggle with?
  4. Why should they care about your program?

While the Demand Model® evaluates the engagement level of an audience, the Experience Model™ gives us the tools to increase that demand.

Read Post

Risk Management’s Sweet Spot

Chris de Wolfe, global director of risk management at Mars Inc., shares his challenges of getting the global risk management program at Mars up and running.

“The CRM group had a lot to offer but was severely underutilized, which led to high insurance premiums, a high risk profile, and a significantly reduced resiliency and recovery capability,” Chris said.

Reflecting on how Mars as a business became a major success, de Wolfe decided that he needed to market and promote his own department in the same way. Partnering with Lootok, a risk management consultancy firm, he developed a strategy to engage with the employees in a fun yet educational way. He devised a 5- to 10-year plan, broken into 12- to 18-month strategies and individual project plans by mapping out all of the products and services that risk management offers. He conducted a perception survey and drew up a program based on the ABCs of risk management.

“The ABCs allowed people to understand that risk management not only provides insurance, but it also ensures that the business continues,” said de Wolfe.

Sean Murphy, CEO and founder of Lootok, said of de Wolfe:

“I’ve known Chris for 10 years and what differentiates him is that he treats his program as a business. He had a good program before but he wasn’t satisfied with it so he completely revamped it and is now reaping the benefits.”

Read full article

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Why are cyber threats on top of every executive’s mind?

Sharing a few thoughts on cyber security…

I was on the phone last week with a data visualization expert and author discussing visualization problem solving—basically, how to solve problems or at least understand problems with pictures (i.e., drawing pictures). He asked a question about cyber security: “Why is a cyber threat so scary? Isn’t it just another threat?” He was right… in part—cyber is another threat, just like infectious disease, civil unrest, flood, power outage, fire, war, or accident. While we use common frameworks and capabilities for threats such as command and control, situation awareness, threat intelligence, common operating picture, common ground, and so forth, each threat has unique characteristics we need to consider. Why is cyber security on the top of every executive’s mind? It comes down to six (6) characteristics of a cyber threat:

  1. Intentional
  2. Speed
  3. Wild
  4. Interconnectedness
  5. Location
  6. Detectability

There’s a mnemonic for these six (6) characteristics: “is wild.”

Person under cyberthreat
Cyber attack

Read Post

Fresh perspectives: biggest challenge in risk management – metrics

What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.

Read Post

Fresh perspectives: resiliency strategies

Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.

Read Post

Fresh perspectives: risk matrix

Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.

Read Post

Understanding the risk environment: Sean Murphy discusses nonlinear environment with Gary Klein

I had the pleasure to interview Gary Klein the author of “Seeing What Others Don’t,” “Streetlights and Shadows,” “Working Minds,” and “Sources of Power.” His research and experience is invaluable to anyone in the field of risk management. In this interview, Gary talks about the difference between a well-ordered domain (i.e., normal business environment) and complex domain (i.e., crisis environment). Understanding the characteristics and attributes of each environment is critical to understanding what tools, processes, and capabilities needed to be successful in each environment.

Read Post

Debunking myth #2: You need a business impact analysis (BIA)

Many of us business continuity management (BCM) professionals are convinced that a business impact analysis (BIA) is a “must-have” for any company. On top of that, we often believe the more information we gather, the better. But after the enormous effort to collect mountains of data and conduct endless interviews, we end up with little value to show for it.

Doing a BIA is expected of us, but do companies actually need a BIA? I guarantee that conducting an extensive BIA project is a quick way to exhaust your resources, stall your program agenda, and taint the reputation of your program. But if you’re willing to question why you’re doing a BIA, and then facilitate the process in a practical way for participants, you can maximize your investment. This eBook explores how to do this, and why it matters.

Download You need a business impact analysis (BIA), the second myth in Lootok’s series on the five myths of business continuity management (BCM)!

You need a business impact analysis (BIA)
Myth #2: You need a business impact analysis (BIA)

See Myth #1: The plan is the promised land.
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Dr. Yossi Sheffi on crisis management

Dr. Yossi Sheffi, author of “Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage,” discusses two of his favorite crisis management case studies with Sean Murphy.

Read Post

Debunking myth #1: The plan is the promised land

As BCM professionals, we’ve long believed in the myth that a plan is our key to recovery during a disruption. Often, we hyper-focus on the plan as undeniable proof that the right actions will be taken in an incident. This is the worst possible approach. Learn why in our eBook, The plan is the promised land, the first in Lootok’s series on the five myths of business continuity management (BCM)!

The plan is the promised land
Myth #1: The plan is the promised land

See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Why don’t plans work?

Sean Murphy discusses the limitations of plans with renowned author and research psychologist Gary Klein.

Read Post

What does ISO 22301 look for in a business continuity plan?

An ISO-aligned business continuity plan includes business continuity procedures for managing a disruption and continuing operations, based on recovery objectives identified in its business impact analysis.

Read Post

Challenges and opportunities of omnichannel retailing

The retail sector faces risk challenges ranging from cyber security threats to active shooter incidents. These threats, coupled with advances in new technologies, social media and public perceptions of risk have required the retail sector to reevaluate the resiliency of their business.

Written by Lootok’s Sweta Chakraborty and Iris Chung.

Download full article

Read Post

Understanding the human element of risk

When it comes to managing risk, one oft-overlooked aspect is risk perception, or how we perceive a threat. What we believe or do not believe about risks has an enormous effect on how well we prepare ourselves for them, and the action we take when they occur. What factors into our fears, and how do they impact our decision-making?

Risk perception
Risk perception

 

Read Post

Emergencies happen. Are you ready?

September marks the 10th annual National Preparedness Month – a nationwide, month-long effort sponsored by the Federal Emergency Management Agency (FEMA) to encourage everyone to prepare and plan for emergencies. Across the country, there are a host of free educational events focusing on topics such as CPR training, preparedness outreach, and family safety.

family safety
family safety

 

Read Post

Preparing for Nemo: What to do when a severe winter storm hits

With the winter superstorm Nemo rapidly approaching the Northeast with expected impact in major hubs like Boston and New York City, make sure your people know what to do in the event of a severe winter storm. Here are some last minute tips on what to do when it strikes.

nemo
A different kind of Nemo

 

Read Post

What’s in a name? Dissecting Nemo.

Why all the ruckus about naming a winter storm? Sometimes, the intention behind the names is to draw the public’s attention to severe weather. While winter storms may not have as large of an impact as hurricanes, they can often be erratic; for example, dumping snow in one area while leaving nothing more than rain or fog in another. Now, it’s becoming clear that superstorms have hype cycles of their own.

Read Post

Why spend time on business continuity? What you get out of planning for failure

In today’s business world, we are all faced with multiple responsibilities. It is easy to let things like business continuity, disaster planning, and crisis management fall to the bottom of the list, especially when there have been no recent crises to remind us of their importance. But planning for failure can contribute to your company’s success. Both in the event of an incident and in improving your current workflow, obstacles to continuity often turn out to be obstacles to success.

Read Post

How to create behavioral change for your business continuity program

Major change initiatives like business continuity take time, but many programs are often declared failures and abandoned before they are given a chance to succeed. For this reason, it’s crucial to show immediate signs of success, particularly for programs that are newly initiated or being re-launched. New behaviors also take time to become habitual, so in order for a business continuity management program to be self-sustaining, it must be gradually built and adopted as part of the company culture.

In order to accomplish this, people also need what Fogg calls “triggers.” Triggers can be thought of as a cue, prompt, call to action, or request that leads to a chain of desired behaviors. In other words, as Fogg states, “Triggers tell people to ‘do it now!’”

Read Post

A funny take on risk perception

When it comes to risk perception, we are notoriously prone to misconceptions. Whether fearing planes over bikes or elevators over stairs, we have a tendency to misjudge just how dangerous certain situations are.

Read Post

What a crisis requires, beyond a barebones plan

The fact that Tokyo found the nuclear reactors in a worse state than previously announced underscores the need for honest, factual information for public consumption, and the importance of media in delivering this communication. The age where authorities view the public as a panicky wildcard that needs to be soothed, rather than as an equal partner in mitigating and recovering from a disaster, must come to an end – especially in a world where, thanks to the internet and information networks, information is disseminated to a wider audience at a faster rate than history has ever experienced before.

Was the community immediately surrounding Tepco’s reactor integrated in mitigation efforts prior to the incident? Subsequent actions and the announcement of possibly 30 billion dollars in claims indicate the opposite.

Read Post

Can risk management ever be a revenue generating activity?

It seems like selling risk management projects internally can be like pulling teeth. So what would it take for people to be willing to pay for risk management initiatives? We posed the question to a group of risk management professionals on LinkedIn in preparation for our upcoming Building a BCM Brand webinar. Here’s some of what they had to say.

Read Post

Have yourself a crisis-free christmas

Ah, Christmas…. a time of yuletide cheer, decorating the tree, opening presents, office holiday parties, and of course, eggnog. All the things that make the holiday season so special… and so dangerous? If you’re feeling overcome with Christmas cheer, leave it to the business continuity professionals to put a damper on those holiday spirits with this list of top holiday risks.

Read Post