This week, guest writer Marcus Vaughan, discusses how to get executive and operational teams re-engaged in risk preparedness and build resilience after the world has gone through a crisis and everyone is fatigued.
Crisis fatigue hit both leadership and management teams worldwide in 2020. And 2021 feels no different with most teams being asked to do more, with less.
Unfortunately, with this, a new future exposure is beginning to emerge – a resilience capability gap. As leaders put traditional crisis and business continuity simulations on the back burner under the premise of “We just survived a crisis!”, a slow-moving exposure is creeping up on most organisations like a vine swallowing a tree.
Unfortunately, it will only be at the time of a major critical event, that this exposure materialises, sending the organisation, its staff and customer base into a whole new world of pain. And let’s be very clear, the next crisis never looks and feels like the last one. This is not a new problem. After major events, this issue arises time and time again.
An example is the 2011 Christchurch earthquakes, New Zealand. In the aftermath of the earthquakes, organisations countrywide invested huge amounts of energy and resource into managing earthquake exposures. That’s a good thing – that builds resilience against earthquakes. Unfortunately for many, the heavy focus placed on managing earthquake exposure, left many organisations scrambling during the lockdowns that occurred after the tragic Christchurch Mosque Attacks in 2019. Organisations were unsure as to their procedures and duties in a lockdown, with many caught off guard attempting to reach an ‘off site’ command centre, which they simply could not reach due to the city-wide lockdown.
So, with budget and time constraints in play, how do you get executive and operational teams re-engaged in risk preparedness and build resilience after the world has gone through a crisis and everyone is fatigued?
The answer is to keep it small, keep it simple, and focus on little wins.
By leveraging technology, we’re working with organisations to establish microsimulation programs that take minutes, not hours to complete. By keeping these simulations ‘bite-sized’, you can bring a level of regularity in achieving resilience objectives – the trick is to achieve just one objective at a time. Put a few microsimulations together over the course of a year, and those bite-size lessons build resilience and awareness that can often get forgotten between annual simulation exercises.
It is important to note that microsimulations shouldn’t replace annual crisis or business continuity simulations, but rather complement and extend the capability development across the organisation and fill the gaps between larger exercises.
To make a micro-simulation program work, you should be considering the following:
- Resilience against key exposures: What exposures do we need to consider preparing for? Building preparedness for risk scenarios that are relevant to your organisation is key. Need inspiration? Dig out the risk register and go from there.
- Communicate and connect with purpose: Just because it’s ‘micro’ doesn’t mean you avoid communicating that it’s coming. Get a message out to your stakeholder base as to what they’ll be receiving, when, how and WHY. The WHY gets capital letters as it should connect your stakeholders back to your organisation’s purpose, and the critical role they have to play in meeting that purpose. People connect with purpose, so don’t forget to explain why this program exists and why they’re involved.
- Champions of change: Who are your organisation’s champions to assist in supporting the cause across the organisation? If you have Risk Champions already embedded, these stakeholders will be a great place to start. These champions will help support your communication to team members and establish the critical buy in, reinforcing the WHY outlined above. Furthermore, champions will become a critical element in your organisation’s response network to resolve situations; and help to evolve the response beyond sole reliance on hierarchical structures.
- Measuring success: What are your objectives, and what does success look like? Objectives could include confirming that staff know who to contact in a cyber-attack; are familiar with a centralised communication channel, or assessing the speed with which they can locate a critical functions list.
- Go mobile: How often do crises take place when you’re at your desktop? Sometimes. How often do they take place when you have your phone? Always. Engage stakeholders using the device that is always with them. We’re SMS’ing microsimulations to participants and reporting on live data.
Most importantly: Keep microsimulations micro! If you’re taking up more than 10 minutes of your teams’ time… you’re probably going to lose them. Remember, little wins add up.