Throughout history, natural disasters and disruptive events have had the power to throw daily life into chaos. While wildfires, earthquakes and floods have had disastrous consequences, the current COVID-19 pandemic has changed both the personal and professional landscape permanently.
With such critical events hovering on the horizon, organisations’ must intentionally consider the safety of employees, safeguarding assets and the continuity of operations. Such volatile, uncertain, complex and ambiguous (VUCA) environments do not respect organisational boundaries or borders and call for thorough risk monitoring as frequently as possible, in as efficient a manner as feasible.
Having a comprehensive situational awareness of disruptive events significantly increases an organisation’s ability to assess risk and allows them to understand, effectively manage and mitigate the impact of the critical event. They can then disseminate response-information across the entire organisation rapidly.
An effective platform, such as an integrated solution that can automate threat identification, filtration, evaluation, reporting and communication of potential threats based on an organisation’s risk profile is the need of the hour. Solutions that will help improve risk mitigation, reduce business impact, protect the health, safety and productivity of employees, streamline risk-related decision-making processes, and help reduce costs should be the focal points for most organisations’ safety procedures.
Strengthening risk intelligence in an organisation cannot be achieved by simple awareness alone. The dissemination of vital information must be real-time, thorough high quality, and applicable to an organisation’s risk mitigation profile. Furthermore, incident monitoring processes and the supporting technology must be in line with the urgency, the quality and relevance of the information, and comprehensive monitoring to cover even the smallest of risks, not just the big events.
The quantity and type of data indicating a potential threat, or an early warning indicator is so massive that one individual or even a team cannot filter through the clutter to find the relevant material needed without wasting much-needed resources. An organisation will need a robust and refined set of tools and systems to scan, detect, and evaluate potential disruptive incidents.
Utilising technology for risk assessment provides hyper-localised, highly customisable information. The detailed and contextual level of the risk intelligence system must trigger proactive notifications based on a personalised organisational profile. To develop such a management approach, organisations must know how to minimise the threats while ensuring operational effectiveness.
However, most organisations find it difficult to create an effective risk awareness programme by themselves, inhouse. To identify, track and analyse information coming from hundreds of millions of sources and then communicate effectively and efficiently across the organisation, perhaps multi-nationally is a tall order. What is needed, then, are partners and experts who can guide organisations on this critical journey of resilience.
This was the focus of the discussion during the OpenGovLive! Virtual Insight: Enhancing Organisational Risk Intelligence – Safeguarding Assets and Ensuring Operational Effectiveness on 16 March with security experts and digital executives from a wide range of organisations and business enterprises from Singapore.
Obtaining intelligence from a vast quantity of data and information
To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia highlighted a prevalent contradiction – while disasters are imminent, people, as well as organisations, illogically feel somewhat immune. Most recently is the COVID-19 pandemic that took the world by surprise because we thought we were immune or perhaps ignoring the possibility that it would ever materialise in the first place. The pandemic put an 80-mile wind behind everyone’s back, either propelling people to the next level or thrown them farther from their goals completely.
Mohit stressed that intelligence must be gathered from the available data and information but given the current situation, organisations are struggling to do this. People have too much information, mistakenly believing that raw data can be their weapon in and of itself. As the adage goes – more of something does not always mean better. The fact is that organisations are inundated with so much information, that they cannot process nor understand it properly. Thus, contrarily, forgoing the very intelligence they seek.
Human beings by nature are hoarders. And data, sometimes called the new oil, is next on the grab and stash list; everybody to get their hands on as much as they can.
Like oil, data, too, comes in many different forms and types that need to be processed carefully to extract value. Organisations need the right tools, the right mindset and the right strategy within themselves to gather actionable insights.
With this comes fundamental questions: How much data and what data to collect? How is the data gathered? How is data stored? How is the data to be processed? How do you safeguard vital information and digital assets against another catastrophe and cyber intrusions?
Mohit concluded by emphasising that there needs to a paradigm shift in organisational culture. Business outlook and thinking have been hindering growth and innovation for a while. Organisations need to broaden their vision and look outward. They must seek the right partners who specialise and champion this arena. They must empower decision-makers and the wider employee base to do what needs to be done to prevent future risks.
Transforming intelligence to empowering knowledge
Eric Boger, Senior Director of Global Intelligence and Analysis Everbridge took over the discussion. He acknowledged that 2020 proven to be a catalyst – not only with COVID-19 but with other natural disasters that had made businesses harder for everyone. It brought Critical Event Management (CEM) front and centre of all continuity plans and strategies.
Eric agreed that an effective CEM system always starts with intel. However, organisations know the true definition of intelligence. Intelligence is the result of a systematic process where raw materials are transformed into relevant and reliable knowledge. This knowledge should empower decision-makers and operators to act for their organisations.
Eric and his team provide organisations with a platform for disaster management with different phases.
The landscape of delivering intelligence varies across many service providers. Some churn out results quickly while some take their time in evaluating the possible conclusions. Eric stressed that organisations must find the right partner, tailor-fit to their profiles and immediate needs in terms of data and information that affects their operations.
Irrespective, Eric believes that there is a sweet spot when it comes to CEM. It is not just about speed; the information must be factual, especially in the social-media age, where information and intelligence can be received at an instant.
Assessing the situation is the starting point – discovering what is going on. A group or team should be in place to monitor and assess information coming from various sources. Putting adequate and appropriate resources to improve risk intelligence is vital in mitigating possible threats.
Eric explained that intelligence cannot be just one layer. It should be fused with other elements that affect business operations. Experts can help organisations nuance and peel all these layers. In improving risk intelligence, the right partner will provide a platform that supports all business cases in all forms and will find the appropriate solutions for different use cases proactively.
Eric concluded his presentation by pointing out that understanding the situation and acting on it with a sense of urgency will provide organisations with efficient critical event management strategies.
Utilising acquired knowledge to mitigate risks
After Eric’s informative presentation, the session was followed up by Dr Peter Simpson, Global Head, Safety and Security Standard Chartered.
Peter revealed that his organisation treats risk intelligence not merely as a data-gathering exercise but as a way to protect their people, buildings, assets and ensuring that their operations are unhindered. He acknowledged that risks such as natural disasters, protests, pandemics, etc. would happen, like it or not. They are inevitable. Accepting this, they aim to minimise the effects of these imminent threats.
He solidly agreed that more data and information is not needed. What is needed is the intelligence and wisdom to analyse the data so that organisations can make or shape decisions that will have a meaningful impact to mitigate risk.
When decision-makers in the organisation need important details to arrive at a verdict, people around should be well equipped to provide supporting data. The information needs to be relevant, timely and granular. Peter reiterated that organisations need to know when data is not valid and unreliable.
Peter understands that organisations get their share of information from a huge number of data or news sources including social media. while it is not bad to get intelligence from various sources, organisations need to take this information, validate it, automate it, evaluate what details will prove useful. Only then should they disseminate the information within the organisation to further ease possible threats. He shared several case studies on various risks and threats. One example was a physical protest that happened worldwide which was simultaneously being mirrored online with a cyber protest (where demonstrators takedown systems in the digital space).
Organisations affected by such threats such, who have a presence in multiple countries, do not want to go on full alert and disrupt their operations just because of one isolated incident. Organisations can just address the ongoing issues in the selected areas beforehand, by utilising intelligence gained from early risk management measures.
For Peter, it is all about organisations mitigating the present and future effects of threats in all proportions through relevant and reliable intelligence and knowledge gained from vast amounts of data and information.
Polling questions and discussion
After the engaging and informative presentations by the speakers, the session transitioned to an interactive discussion with polling questions posed to the audience.
The first question was about what level of risk awareness an organisation can attain given its capabilities. Over 80% of the delegates said that they have some clarity on risk awareness, and they want to improve it.
A senior executive delegate said that they have SOS platforms and numerous risk management companies, but they currently do not have the overview to pull things together and process information thoroughly. Other delegates also said that they do not have the templates to do the assessment needed.
The next question was asked what the biggest threat to the organisation’s physical safety and security was. More than half the delegates agreed that disruptive events like the ongoing pandemic takes the pole position.
A representative from the Commonwealth Bank of Australia said that manmade disasters are on the top of his list because of threats of a cyber shutdown. Another delegate from Johnson & Johnson said that natural disasters like typhoons that cut communication platforms that hinder government services are his organisation’s biggest threat.
Eric supported the fact that communication platforms are essential regardless of the threat and attack. Digital communication plans should be in place beforehand and speed is of the essence when it comes to disaster management strategies.
The delegates were also asked about how critical is it for their respective organisations to have a robust system or technologies in place that enables them with full risk awareness. About 63% of the delegates said having a system in place for risk awareness is critical for an organisation.
A delegate from PLUS Malaysia Berhad said that having a system in place will further help them manage information dissemination across their organisation and other related parties while mitigating physical and cyber threats at the same time.
Conclusion
The session ended with the closing remarks by Eric Boger. He thanked the delegates for attending the virtual event and for their insightful contributions.
He reiterated that they are in the critical event management business to help and enable organisations and their people with the technology and platforms to mitigate the forthcoming risks in all forms and all timelines in the best way they can. He encouraged the participants to reach out to his team to explore ways to collaborate on their risk intelligence journey.