We’ve all had them.
They’re that moment when a critical event or disruptive incident you’ve either theorized about or worse, failed to theorize about, happens.
They can be big, with wide sweeping societal impacts (e.g. COVID, Colonial Pipeline, 9/11 attacks, Black Summer bushfires) or acute to your organization (supply chain failure, regulatory breach, corporate network breach).
Either way, when they happen, you know about it and you’re in either one of two places:
- Shocked, but prepared and moving through it
- Shocked and scrambling
Obviously, the latter is not where any organization, team, or person wants to be.
Identifying opportunities from ‘oh s#!t’ moments
While no good-minded person ever wants a disruptive incident evolving into a full-blown crisis, with every “Oh S#!t” moment comes a powerful realization that risks can and do materialize with impacts that often exceed our initial preconceptions.
This realization naturally sparks intention to minimize the impact, subsequently driving the business case to invest more resources and time into strategies that protect people, operations and reputation. In short, it sends resilience up the priority list for that person.
The question is, how do we have more “Oh S#!t” moments before a crisis materializes?
Traditional tabletop exercises
Tabletop exercises have always been a great way to illuminate a risk and all of its potential impacts.
By having teams experience a critical event, they consider not only the necessary response activities, but also the preventive risk measures that may reduce the likelihood of the event occurring, or the impact when it does occur.
Unfortunately though, tabletop exercises have a few limitations:
- They’re not scalable or highly repeatable. The amount of time and planning that goes into a tabletop exercise means that the very few stakeholders who are lucky enough to be involved, will only experience one or two in any given year. This means that the cohort involved, gets exposure to “Oh S#!t” moments, for two different risk exposures in any one year. This intrinsically means less support for risk management and resilience.
- They miss an opportunity to engage at an operational level. Embedding a risk-aware and crisis-ready culture organization-wide is not a simple exercise. While tabletop exercises can drive awareness and engagement at the executive level (and sometimes into senior management), the rest of the organization is left to its own devices to truly engage in and understand why they need to proactively manage risks and prepare for incident response. We know where this leads to – a state of shocked and scrambling.
At this point, it’s important to note that we do advocate for Tabletop exercises. If you’re doing them, keep doing them! They do assist with top-down support and drive awareness of key risk exposures. But, there is an opportunity to create more engagement in risk and resilience organization-wide using “Oh S#!t” moments.
A new approach – Microsimulations
Our approach to driving a more active and continuous approach to engagement is through iluminr’s microsimulations.
Microsimulations are quick yet memorable bite-sized scenario exercises that require participants respond to an aspect of a simulated incident or critical event. Taking anywhere between 5 and 15 minutes, microsimulations provide the perfect medium for Risk and Resilience practitioners to engage the organization at all levels.
Importantly, microsimulations leverage experiential learning, provide each participant with a little “Oh S#!t” moments relevant to their world. This brings risk awareness and critical event management down to every level of the organization, creating purpose and buy-in at scale.
By engaging a broader cohort more regularly, this approach empowers the organization to:
- Create awareness of risks and impacts
- Build individual and team capability in risk and incident response
- Meet governance and compliance requirements on training and testing
- Build familiarity with toolsets such as business continuity plans (BCPs), playbooks and procedures
- Build awareness of the organizations’ resilience program and structures
Benefits of conducting regular bite-sized crisis simulations
As microsimulations are smaller than tabletop exercises, risk and resilience managers can deploy pre-developed scenarios across the organization on a regular basis.
This means that the insights which may have traditionally been attained on an annual or bi-annual basis from the executive level, multiplies into insights generated by Executive + Senior Management + Regional Management + Workers, on a monthly basis.
That’s a lot of insight and whole lot of awareness on a variety of risk exposures. These could include Riots, Ransomware, Hurricanes, Floods, Power Outages, Telecommunication Outages, Heatwaves, Supply Chain Failure, Gas Leaks, Wildfires, Solar Storms, Earthquake, Port blockage, Ash Clouds… just to name a few.
It’s also a lot of action-orientated lightbulbs switching on across the organization as to:
- “How can I escalate that I have a suspiciously locked computer, when my computer is suspiciously locked?”
- “Where else should we store our data privacy register, so we can access it when our corporate network is compromised and unavailable?”
- “Which applications are now deemed critical to maintain operations during a supply chain cyber disruption?”
- “How many of my staff are unable to perform critical duties during a sustained power outage in suburbia?”
This approach not only creates risk awareness and engagement at an operational level, but it also drives participants to use the response tools they’re required to use during response, throughout the year.
Ultimately, this works towards closing the disconnect that often exists between executive and operational workers on key risk exposures, and creates stronger communication channels for escalation purposes.
With time, this ultimately raises the capability of teams who haven’t had the luxury of a tabletop exercise, to move from a state of shocked and scrambling, to shocked but prepared and moving through it.
Learn more about deploying iluminr’s pre-developed microsimulations to build engagement in resilience across your organization, or download our complimentary playbook to get started on establishing an effective microsimulation program.
Authored by Marcus Vaughan
Co-Founder & Chief Growth Officer
iluminr
We’ve all had them.
They’re that moment when a critical event or disruptive incident you’ve either theorized about or worse, failed to theorize about, happens.
They can be big, with wide sweeping societal impacts (e.g. COVID, Colonial Pipeline, 9/11 attacks, Black Summer bushfires) or acute to your organization (supply chain failure, regulatory breach, corporate network breach).
Either way, when they happen, you know about it and you’re in either one of two places:
- Shocked, but prepared and moving through it
- Shocked and scrambling
Obviously, the latter is not where any organization, team, or person wants to be.
Identifying opportunities from ‘oh s#!t’ moments
While no good-minded person ever wants a disruptive incident evolving into a full-blown crisis, with every “Oh S#!t” moment comes a powerful realization that risks can and do materialize with impacts that often exceed our initial preconceptions.
This realization naturally sparks intention to minimize the impact, subsequently driving the business case to invest more resources and time into strategies that protect people, operations and reputation. In short, it sends resilience up the priority list for that person.
The question is, how do we have more “Oh S#!t” moments before a crisis materializes?
Traditional tabletop exercises
Tabletop exercises have always been a great way to illuminate a risk and all of its potential impacts.
By having teams experience a critical event, they consider not only the necessary response activities, but also the preventive risk measures that may reduce the likelihood of the event occurring, or the impact when it does occur.
Unfortunately though, tabletop exercises have a few limitations:
- They’re not scalable or highly repeatable. The amount of time and planning that goes into a tabletop exercise means that the very few stakeholders who are lucky enough to be involved, will only experience one or two in any given year. This means that the cohort involved, gets exposure to “Oh S#!t” moments, for two different risk exposures in any one year. This intrinsically means less support for risk management and resilience.
- They miss an opportunity to engage at an operational level. Embedding a risk-aware and crisis-ready culture organization-wide is not a simple exercise. While tabletop exercises can drive awareness and engagement at the executive level (and sometimes into senior management), the rest of the organization is left to its own devices to truly engage in and understand why they need to proactively manage risks and prepare for incident response. We know where this leads to – a state of shocked and scrambling.
At this point, it’s important to note that we do advocate for Tabletop exercises. If you’re doing them, keep doing them! They do assist with top-down support and drive awareness of key risk exposures. But, there is an opportunity to create more engagement in risk and resilience organization-wide using “Oh S#!t” moments.
A new approach – Microsimulations
Our approach to driving a more active and continuous approach to engagement is through iluminr’s microsimulations.
Microsimulations are quick yet memorable bite-sized scenario exercises that require participants respond to an aspect of a simulated incident or critical event. Taking anywhere between 5 and 15 minutes, microsimulations provide the perfect medium for Risk and Resilience practitioners to engage the organization at all levels.
Importantly, microsimulations leverage experiential learning, provide each participant with a little “Oh S#!t” moments relevant to their world. This brings risk awareness and critical event management down to every level of the organization, creating purpose and buy-in at scale.
By engaging a broader cohort more regularly, this approach empowers the organization to:
- Create awareness of risks and impacts
- Build individual and team capability in risk and incident response
- Meet governance and compliance requirements on training and testing
- Build familiarity with toolsets such as business continuity plans (BCPs), playbooks and procedures
- Build awareness of the organizations’ resilience program and structures
Benefits of conducting regular bite-sized crisis simulations
As microsimulations are smaller than tabletop exercises, risk and resilience managers can deploy pre-developed scenarios across the organization on a regular basis.
This means that the insights which may have traditionally been attained on an annual or bi-annual basis from the executive level, multiplies into insights generated by Executive + Senior Management + Regional Management + Workers, on a monthly basis.
That’s a lot of insight and whole lot of awareness on a variety of risk exposures. These could include Riots, Ransomware, Hurricanes, Floods, Power Outages, Telecommunication Outages, Heatwaves, Supply Chain Failure, Gas Leaks, Wildfires, Solar Storms, Earthquake, Port blockage, Ash Clouds… just to name a few.
It’s also a lot of action-orientated lightbulbs switching on across the organization as to:
- “How can I escalate that I have a suspiciously locked computer, when my computer is suspiciously locked?”
- “Where else should we store our data privacy register, so we can access it when our corporate network is compromised and unavailable?”
- “Which applications are now deemed critical to maintain operations during a supply chain cyber disruption?”
- “How many of my staff are unable to perform critical duties during a sustained power outage in suburbia?”
This approach not only creates risk awareness and engagement at an operational level, but it also drives participants to use the response tools they’re required to use during response, throughout the year.
Ultimately, this works towards closing the disconnect that often exists between executive and operational workers on key risk exposures, and creates stronger communication channels for escalation purposes.
With time, this ultimately raises the capability of teams who haven’t had the luxury of a tabletop exercise, to move from a state of shocked and scrambling, to shocked but prepared and moving through it.
Learn more about deploying iluminr’s pre-developed microsimulations to build engagement in resilience across your organization, or download our complimentary playbook to get started on establishing an effective microsimulation program.
Authored by Marcus Vaughan
Co-Founder & Chief Growth Officer
iluminr