Crisis Management Consultants

Notifications Won’t Save Lives. Warnings Will I woke up cranky reading the ProPublica piece on warnings. Failures to use the Emergency Alert System (EAS). Wireless Emergency Alerts (WEA). The Integrated Public Alert and Warning System (IPAWS). Call it whatever you want — same problem. Too many times, nobody pushes the button. Yeah, I’ve been on the wrong end of ProPublica stories. This one? Dead on. I was FEMA Administrator when we ran the first nationwide EAS test. It bombed. Phones blew up. Congress called a hearing. But here’s the thing — it had never been tested end to end. You don’t know what works until you test the whole damn thing. Not just the shiny dashboard. The guts. And let’s get this straight: not every event needs a warning. Some are just notifications. Road closures, sandbag sites, pressers — fine. That’s information. But when time is short and people need to move to save lives and property? That’s a warning. Here’s the trap: a lot of your local systems handle notifications okay. But when it’s warning time, they fall flat. Opt-in systems? That’s not a warning. That’s a mailing list. EAS and WEA are opt-out. People get them whether they like it or not — unless they’ve turned it off. That’s what saves lives. And don’t get me started on taking AM radio out of cars. And the only way you get good at warnings — and fast — is by doing it. Document your procedures. Test them. Practice them until it’s second nature. Don’t just train the boss. Make sure the Sunday 2 a.m. rookie is trained and authorized. No “mother may I” with three layers of bureaucracy while the river’s rising. Yeah, you’ll get yelled at. I did. More than once. But nobody buries their kid because you woke them up early. They bury them because you stayed quiet. So focus on what matters: Clear procedures. Regular testing. Real practice. Empowering the person on duty to act. That’s how you build confidence. That’s how you save lives. When the time comes — issue the warning. — craig I wrote this. AI edited it to make sure the commas didn’t break AP style. Full disclosure: I serve on the board of Genasys Inc., a company that makes warning systems and IPAWS integration software. #EmergencyManagement #IPAWS #WirelessEmergencyAlerts #EAS #DisasterResponse #WarningsSaveLives

“Another Boeing plane has crashed…” That headline didn’t just inform the world. It shook it. Airlines grounded fleets. Passengers canceled bookings. Families waited in grief. And in those painful moments, everyone turned to Boeing — waiting for reassurance, compassion, and clarity. But what they received instead was silence, technical statements, and corporate coldness. ⸻ 💬 The Dialogue That Never Happened Imagine if Boeing’s CEO had stood before the world and said: 👉 “We are devastated by this tragedy. Our deepest condolences go to the families who lost their loved ones. We take full responsibility to uncover the truth, fix it, and make sure this never happens again. Every passenger’s life matters. We will not rest until trust is restored.” Instead, the company issued vague technical explanations about “software updates” and “pilot procedures.” The difference? One statement speaks to the heart. The other hides behind jargon. 📉 The Fallout of Silence Boeing didn’t just lose billions in market value. They lost something far more precious: trust. • Passengers felt unsafe. • Governments demanded groundings. • Airlines questioned contracts. • Employees lost pride. A global brand that once symbolized safety became a symbol of fear. And the leadership lesson? 👉 In crisis, your communication is your reputation. ⸻ When tragedy strikes, the human brain looks for three things immediately: 1. Reassurance (Pathos): “Do you see my pain? Do you care?” 2. Clarity (Logos): “What exactly happened? Am I safe?” 3. Responsibility (Ethos): “Can I trust you to fix this?” ⸻ Here’s a 3-step Crisis Communication Framework every CEO must remember: 1. Acknowledge Emotion (Pathos): • Show empathy immediately. • Example: “We are heartbroken by this tragedy. Lives were lost. Families are grieving.” 2. Share Facts Clearly (Logos): • State what you know, what you don’t know, and what you’re investigating. • Example: “The incident involves [details]. Investigations are ongoing. Safety checks are underway globally.” 3. Commit to Responsibility (Ethos): • Show accountability and promise change. • Example: “We take full responsibility. Here’s how we are fixing it: [specific steps].” ⸻ ✅ Do’s & ❌ Don’ts of Crisis Communication ✅ Do’s • Respond quickly. Speed signals responsibility. • Lead with humanity. Speak to emotions first, facts second. • Be transparent. Say what you know and admit what you don’t. • Take responsibility. Even partial acknowledgment builds trust. • Be consistent. Updates must be regular, not one-time. ❌ Don’ts • Stay silent. Silence is filled with rumors. • Use jargon. “Software anomaly” means nothing to grieving families. • Deflect blame. Saying “pilot error” erodes credibility. • Downplay loss. Even one life lost must be honored. • Overpromise. “It will never happen again” sounds hollow if unproven. ⸻ 💡 The Bigger Leadership Lesson Crisis doesn’t just test your company. It tests your character.

18 years ago last week, I left the Royal Marines and moved to Dubai to focus full-time on building Sicuro Group.... Two decades later - operating in some of the world’s hardest places - I’ve been tested, nearly broken, and constantly reminded why this work matters. Here are 20 lessons worth passing forward to anyone building a career or a team in this field: 1. Don’t try to predict every threat. Build systems that can respond to anything. 2. Geography matters. Where you base yourself shapes what you can reach. 3. Experience and judgment are your real moat. Tools only amplify them. 4. Build relationships before you need them. In crisis they become lifelines. 5. Speed saves lives. Preparation enables speed. 6. Conventional models break in unconventional situations. Have alternatives. 7. Trust is earned slowly and lost quickly. In this business it’s currency. 8. Layer your capabilities like body armor. Redundancy protects people. 9. Technology helps, but it doesn’t decide. Judgment does. 10. You only learn crisis management by being where crises happen. 11. Worst-case planning should feel uncomfortable. That’s the point. 12. Duty of care isn’t compliance. It’s a competitive advantage. 13. Integration beats “best of breed.” Unified response saves time when it matters. 14. When lives are at stake, cost arguments disappear. Focus on outcomes. 15. Remote capability multiplies reach. Build systems that work anywhere. 16. Expertise compounds. Each crisis prepares you for the next. 17. Partnerships extend your capability beyond what you can build alone. 18. Document everything. The next crisis will need that record. 19. Cultural competence is operational competence. Ignore it and you fail. 20. Build for the worst case. If it works there, it will work anywhere. But... the lessons aren’t only operational. I’ve been hurt by people close to me, yet shown belief and support by strangers when I needed it most... the world works in odd ways. I came close to bankruptcy - twice - early in my career - valuable lessons about business, and people that could fill a book alone! And... I’ve learned that the better you become, the more you love the job for what it is: solving problems, protecting people, and helping others protect what they care about. There are easier ways to make money, with less risk and more predictability. But this life gives you the best relationships, the hardest challenges, and the opportunities that matter most... and the odd anxiety at airport security! Don’t be afraid to fail. That doesn’t mean be reckless. Take your risks early if you can. Learn fast. Stay curious. Never stop. If even one of these helps someone prepare better....or avoid a mistake I had to make, then it’s worth sharing. SW.

🚨 My latest Forbes Opinion Piece is live! 🚨 Over the last decade I have led high stakes cyber crisis response assignments as well as facilitated dozens of executive cyber crisis simulations with my clients and global leaders who go through our flagship Cyber Leadership Program (CLP). In my latest Forbes article I discuss five critical but often overlooked measures to boost cyber crisis response: 1️⃣ Manage team burnout and stress – rotations, counselling, and clear staff briefings prevent fatigue and fear from derailing response efforts. 2️⃣ Secure legal privilege early – without airtight legal frameworks, forensic reports may be exposed in litigation, as Optus discovered in 2023. 3️⃣ Seek legal injunctions – court orders can restrict third parties from spreading stolen data, minimizing reputational and regulatory fallout. 4️⃣ Draft holding statements in advance – pre-approved templates for media, regulators, high-value clients, and customers prevent delays and missteps under pressure. 5️⃣ Adopt a board-approved ransomware payment matrix – having predefined criteria avoids chaotic boardroom debates during high-stakes negotiations. 👉 These are not theories, but practical lessons from the frontlines of cyber leadership that often spells why some organisations quickly bounce back from cyber beaches while others are hacked into bankruptcy. Link in comments section. . I’d love to hear your views. What other essential measures are often overlooked in the heat of the moment. #CyberSecurity #Leadership #IncidentResponse #Forbes

Most businesses today don’t think about geopolitical risks and they don't have geopolitical risks listed in their risk register/assessments. They assume that the wars, trade fights, or border tensions won’t hit their operations or cybersecurity posture. But that’s a risky bet. These geopolitics conflicts could lead to serious business disruptions and data breaches. Can your BCP, crisis mgmt plans manage these risks? Look at the Indo-Pak border tensions last month — if escalated, could have further sparked cyberattacks, blackouts leading to operational disruptions, or supply chain chaos. Cyber warfare is now integral part of such conflicts [ ex: Ukraine-Russia] . Now add to the list, the ongoing tensions with Israel-Iran with US stepping in. Below infographic lays out top geopolitical risks. The list may vary depending on the region. However these risks have potential to, - Trigger cyber warfare targeting your data - Conflicts messing with your supply chain - Cyber disruptions - Infrastructure damage - Disinformation campaigns and so on. These can wreck data security, trust with customers, or ability to keep the lights on. Blackouts from a conflict could stop your team from working, and a single breach could tank your reputation. Hence, its important to account for these geopolitical risks as part of your crisis mgmt. As part of our vCISO services, during our gap analysis, these risks are brought to notice of our clients. #geopolitics #supplychainattcks #tprm #riskmanagement #audit #compliance #cybersecurity #databreach CYTAD Rivedix

⚠ Updated Executive Guidance on Cyber Security Incident Response Planning! The latest updates from the Australian Signals Directorate, which has just released the revised "Cyber Security Incident Response Planning - Executive Guidance" (11 April 2024). This document is crucial for businesses across all sizes, from SMEs to large corporations and government entities. ☑ Preparation is Key ~ Organisations must identify critical systems and data, establish business continuity and disaster recovery plans and ensure they have an up to date, tested cyber security incident response plan. ☑ Communication Plans ~ The guidance stresses the importance of having a clear public communication strategy in place for when incidents occur. This includes defining roles for information release and maintaining consistent communication channels. ☑ Reporting to ASD ~ It's vital to report cyber security incidents promptly to the ASD for timely assistance, which can include investigations or remediation advice. ☑ Legislative Obligations ~ The document outlines the need for organisations to understand their legislative obligations regarding cyber security incident reporting. This guidance not only provides a structured approach to managing cyber threats but also integrates well with Australia's Cyber Security Strategy 2030, supporting our goal to position Australia as a global leader in cyber security. 📘 For a detailed understanding and to ensure your organisation is aligned with the best practices, access the full document here ~ https://lnkd.in/gYnRQU9e Stay ahead in securing your operations and safeguarding your business' future. #CyberSecurity #BusinessResilience #ASDGuidance #MurFinGroup #AustraliaCyberSecurityStrategy2030

🚨 New Research Alert! 🚨📢Grappling with Grand Crises: An Ecosystem Approach! 🌍 Big challenges like pandemics, terrorism, & climate disasters require more than just individual efforts. We need Crisis Management Ecosystems (CMEs)! 🤝 Think of CMEs as multi-layered networks of diverse players – government, businesses, communities etc – united by a common goal: crisis containment. Key CME features: ⏰Shared value & urgency 🌐Diverse actors & multilateral connections 🤼Dynamic collab & managed competition 💪Strong capacity for fast response The COVID-19 pandemic showcased CMEs in action: 🎯USA, India & Spain all used CMEs, with variations in structure, approach & dynamics 🎯Pre-existing capacity & prior crisis experience boosted responses . Key takeaways: 🧠Think Ecosystems: Move beyond individual plans to collaborative strategies. 🛠️Boost Resilience: Invest in resources & adaptable structures BEFORE a crisis. 🤝Foster Partnerships: Work across sectors for a unified response. ⚖️Manage Coopetition: Balance collaboration & competition. 📚Learn & Adapt: Use past crises to improve future responses. Grand crises aren't going away – let's embrace the ecosystem approach for greater resilience! 🌱 Audio summary of the paper - https://lnkd.in/exUB_gRn Read the full article published in Journal of Management Inquiry - @JMgmt_Inquiry here - https://lnkd.in/eyRez4nX (co-authored with Sarah Kovoor-Misra, Dr. Shanthi Gopalakrishnan, Ana Pérez-Luño and Bárbara Larrañeta) #CrisisManagement #Resilience #Collaboration #Leadership #COVID19 #Ecosystems #Innovation University of Glasgow Adam Smith Business School

Navigating Crisis: A Business Owner's Essential Checklist Today, I am sharing my views and learnings on importance of Crisis Management and how to deal with crisis effectively in business. You can not ignore the international conflict, political stability and market conditions even though you are having domestic, regional business set up only. In today's ever-changing world, marked by international conflicts, fluctuating market conditions, and unprecedented challenges, crisis management has become the cornerstone of successful business navigation. The ongoing conflicts in regions like Israel-Palestine and Ukraine-Russia, coupled with expected inflation, cost-cutting measures, and market recessions, demand astute strategies for survival and growth. Here's a practical checklist, born from decades of financial expertise, to guide you through these turbulent times: 1. Swift Crisis Response: Procrastination is not an option. Decisiveness is your ally. The quality of your management and the choices made now will shape your company's future. 2. Acknowledge Unprecedented Challenges: Unlike crises of the past, the present challenges, amplified by international conflicts and economic uncertainties, are unparalleled. Be prepared for a prolonged recovery and navigate the unpredictable with agility and adaptability. 3. Empathetic Employee Support: Understand the unique challenges your employees face, from remote work hurdles to economic uncertainties. Infuse hope, provide assurance, and communicate a well-crafted plan to guide your company and your team through these trying times. 4. Brace for a Prolonged Recovery: Anticipate an 18-24 month slowdown. Update your financial forecasts, reevaluate loan covenants, and prioritize liquidity. Patience and a long-term perspective are the linchpins of resilience. 5. Focus on Liquidity: Cash is king. Conserve it. Explore credit lines, trim non-essential costs, freeze new hires, reconsider marketing budgets, and optimize your workforce. Maintaining liquidity is your lifeline in turbulent waters. 6. Communication is Paramount: Transparency is your bedrock. Keep all stakeholders informed – employees, customers, suppliers, and partners. Clear, honest communication fosters trust and stability amidst uncertainty. 7. Play Offense: Assess your financial standing. Explore strategic mergers and acquisitions, identify key talent, leverage low interest rates, and consider prudent investments. Position your business strategically for a robust recovery post-crisis. Stay resilient.

Want a no‑cost jump‑start for OT/ICS incident response? Build your stack with these battle‑tested open‑source tools: 1. MISP – share & correlate IoCs across plants in minutes. 2. The Hive – case‑management engine that keeps responders and evidence in sync. 3. Cuckoo Sandbox – detonate suspicious firmware or payloads off‑line before they reach the PLCs. 4. Snort – still the workhorse IDS/IPS; tune rules for Modbus & DNP3 and you’re protected on day one. 5. Zeek – deep‑dive traffic analysis that turns raw packets into actionable OT metadata. 6. Wazuh – all‑in‑one SIEM/HIDS for log analytics + vuln detection, perfect for small SOCs. 🔖 Pro tip: chain MISP → The Hive → Zeek for an “alert‑to‑action” loop that costs $0 in licence fees yet rivals many commercial suites. ✨ Save, share with your incident‑response team, and start hardening today. #OTSecurity #ICS #IncidentResponse #OpenSource #CyberResilience

It's a common fear for anyone in tech: the dreaded "oopsie" that wipes out your data. 😱 What if a tiny hiccup became a huge catastrophe? We've all been there, panicking after accidentally deleting a file or a critical piece of data. Now, imagine that on a massive, organizational scale. It's enough to make you lose sleep. 😴 Did you know that 75% of businesses lose some or all of their data from downtime or a natural disaster? 📈 That's a staggering number, and it highlights a major problem: data disaster recovery isn't just a "nice-to-have," it's a "must-have." The Problem: The 'Oh-Crap' Moment 👉 Disaster recovery is a lot like a fire drill. You practice it to be prepared, but you're always a little worried that the practice itself might cause a problem. For organizations, running a real disaster recovery test for their data warehouse could mean risking up to 15 minutes of data loss. 🤯 👉 Imagine telling your CEO, "We practiced for the worst, and in doing so, we accidentally caused a small-scale disaster." It's a lose-lose situation that keeps teams from properly testing their systems and ensuring they're truly ready for an unplanned outage. The Solution: A Gentle Nudge, Not a Hard Shove 👉 This is where the new soft failover feature for BigQuery Managed Disaster Recovery comes in. Instead of a "hard failover" that aggressively switches your system, soft failover is like a gentle, controlled transition. 👉 It waits until all your data has been fully replicated to the secondary region before it promotes the datasets and compute. It's a safe, confident way to simulate a disaster without the risk of data loss. ✅ The Benefits: Sleep Soundly at Night 👉 Zero Data Loss: You can run disaster recovery drills without the fear of losing valuable information. This ensures your data is always safe, even when you're testing your defenses. 👉 Boosted Confidence: Teams can confidently perform simulations to meet compliance requirements and prove their readiness. 👉 Greater Control: This feature gives you the power to manage your disaster recovery process with precision, knowing that the system won't transition until everything is perfectly aligned. In a world where data is everything, having a reliable way to protect it is non-negotiable. This feature isn't just about technology; it's about giving teams the confidence they need to focus on innovation instead of worrying about a potential disaster. Disaster recovery should be a smooth, stress-free process, not a gamble. BigQuery's new soft failover feature is a big step towards that reality, making it easier for businesses to test their readiness and protect their most valuable asset: their data. It's about being prepared, not paranoid. Stay safe out there! 🛡️ #DataAnalytics #BigQuery #DisasterRecovery #CloudComputing #GoogleCloud #DataProtection #TechTrends