CTB Interview: coronavirus and crisis management
Counter Terror Business (CTB) talks to Brian Dillon (BD), managing director of Rubicon Resilience Limited, about the importance of crisis management planning and returning to ‘normal working’ post-coronavirus
CTB: As businesses begin to return to the 'normal’ ways of working, how easy do you think it will be to recover?
BD: Although recovery should be a consideration in the early stages of any disruption the reality is that for many the scale of challenge in facing the pandemic has forced an emphasis simply on stabilisation. Obviously there has been variation between sectors, global reach and the reliance on dependencies, such as supply chains. Some businesses have been able to adapt swiftly, for example by home working, so they’re in a different place to those that rely on direct public engagement, such as the hospitality and entertainment sector. Although the government have started to ease the lockdown, the regulations may be tightened if the infection rate rises and even if that doesn’t happen Covid-19 isn’t going away and some changes will last indefinitely.
There are also significant concerns about the economic consequences, particularly when financial support deceases and market forces prevail. In this context there’s a need to remain agile and adapt as circumstances develop. So, overall I think that recovery isn’t a destination that will be easily reached but rather it’s a continual process because of the transformational nature of the period we’re in.
CTB: How do you think security and resilience professionals can influence businesses to prepare for an uncertain future?
BD: It’s imperative as we travel through continued uncertainty that companies plan ahead and take time to consider how multiple futures impact on achieving their strategic goals. According to research by the Business Continuity Institute less than a quarter of companies believe they will return to their old business model and the truth for many is that their future state is unknown. So, contingency plans need to be continually thought through with various options considered, exercised and then revised. This applies not just in terms of the pandemic but rather on the basis of an all hazards approach because other threats haven’t gone away, they too have adapted and evolved.
Obviously, seasoned security professionals can add significant value owing to skills in threat identification, mitigation and resolution but I think their value is wider than these traditional areas. In the early stages of the pandemic there was a sense that security and resilience was recognised as a discipline necessary to negotiate the initial rocky period. But now things have settled somewhat I’m not convinced that is still the case. However, experience shows that innovation, foresight and agility are enablers of success. I think the best executive committees will recognise that security and resilience can make a broader contribution and as companies chart a course for the future they should leverage security professionals’ expertise because the challenges ahead really do require an ‘all hands on deck’ approach.
CTB: It is always said after a major incident that it is important to learn from mistakes and be better prepared for any future incidents. What do you think businesses will have learnt from this current crisis, in terms of readiness and management?
BD: Organisations that had business continuity plans in place have generally fared reasonably well. This increases even more so for those that had rehearsed their plan. Of course few will have planned for a pandemic on the scale of Covid-19 but the critical point is the evidence shows that a plan that had been exercised provided some assurance of its utility. Without doubt the pandemic has provided an opportunity to identify learning but this is different to actually ensuring that organisational learning has taken place. I’m slightly cautious about the term ‘learning lessons’ because it’s an easy expression to throw around but harder to achieve in practice. That said, there’s also been some very positive developments in terms of agility and innovation. A number of companies have been pleasantly surprised with how people and systems have adapted under pressure. There are reports of organisational change which previously were thought to be years in development suddenly coming online through necessity. Of course, not all change is necessarily good and time will tell whether some innovations will ultimately prove to be successful.
CTB: Can the above translate to the possibility of a terrorist attack?
BD: Absolutely. In the current climate terrorists and bad actors haven’t gone away and will be looking to exploit any perceived vulnerabilities. For example, lockdown has altered the risk to crowded places because the public are not gathering in numbers in the usual locations. But as we enter a new period, with the economy starting to reopen, we will see more people traveling and as hospitality venues cautiously reopen we may well see a different type of congestion as new one-way routes and distancing measures are implemented. So, safety and security needs to evolve accordingly to ensure they meet contemporary threats.
Equally, there are reports of increased hostile online activity. At one level this amounts to extremist or conspiracy messaging designed to sow hate, fear and division which could directly or indirectly inspire violence. Less obvious, but similarly damaging, are cyber attacks designed to exploit organisations at a time of potential weakness, for example because of the large numbers home working. In short, security and resilience professionals need to constantly think ahead to consider how the threat will change and adapt accordingly.
Brian Dillon is director of Rubicon Resilience Limited, a London-based international consultancy that builds strategic capability in the private and public sector with an emphasis on crisis management, contingency planning, exercising and embedding organisational learning.
Brian is also the former operational head of New Scotland Yard’s Specialist Firearms Command with responsibilities that included counter-terrorism and contingency planning. This included developing strategies to deal with armed attacks and multi-agency interoperability.
You can read our previous Q&A with Brian Dillon here, in which we discussed the role of effective partnerships and basing all contingency planning on an informed threat assessment.