5 Lessons Security Leaders Should Learn from COVID-19

TorchStone’s David Niccolini, executive vice president and co-founder, and Scott Stewart, vice president, describe insights security leaders can take away from their pandemic experiences.

  1. The need for scenario-based planning

    Tabletop exercises or “blue sky” sessions before a crisis hits are extremely useful in helping company leadership develop an understanding of probable and possible crises. This type of scenario-based planning can help prevent what the 9/11 commission called “a failure of imagination.”

  2. The importance of contingency plans to build resilience

    Based on your scenario-based planning, company leadership must develop contingency plans. While contingency planning cannot provide you with the exact solution for every possible crisis that might occur, the planning process will force leadership to think through and plan out issues such as communication, corporate priorities, and potential emergency actions. While no one could have precisely predicted how COVID-19 would unfold, in the wake of SARS and MERS, many companies did develop plans for a potential global pandemic, and when COVID-19 hit, they were much better prepared to face it than companies without plans.

  3. The need for flexibility

    Since it is very unlikely that a crisis will play out exactly as your contingency plan anticipates, a great deal of flexibility is needed during a crisis and plans must be adjusted to account for unknowns. If you attempt to follow a plan too rigidly, you can develop tunnel vision and your response will become fragile and prone to shatter. Thus, plans should be viewed as guidelines that provide general direction and guard rails, not an exact recipe for success. However, the need for flexibility does not mean that planning can be abandoned altogether, attempting to build a plan reactively during a crisis will often lead to failures or perhaps disaster.

  4. There are business opportunities during a crisis

    While many companies will suffer during a crisis event, there are always business opportunities available to those in a position to capitalize upon them. Companies who have items 1-3 above will be able to move more rapidly from “crisis mode” to “maintenance of a crisis,” which are two very different things. Once a company reaches maintenance point, they will be able to recognize and seize upon real opportunities that present themselves. This provides a distinct advantage over competitors who remain in crisis mode.

  5. The need to prepare for the next crisis

    Moving into maintenance mode also allows you to begin to look for – and plan for – the next crisis – and as we’ve learned in the post 9/11 world, the next crisis is coming. For example, at the present time many people are laser focused on the challenges that the COVID-19 crisis is presenting; and with good reason, as these are unprecedented and challenging times. However, we believe that a myopic focus on COVID-19 is preventing some from preparing for the very real possibility of a crisis caused by significant civil unrest in the U.S. (and elsewhere) in the coming months.

At this year’s GSX+, Stewart will present on Insider Threats in a Borderless Work Environment. Stewart is also a contributor to Security Management magazine, including an online exclusive Q&A earlier this year on Security’s Role During a Pandemic Response.