Is Your Organization Ready For A Critical Event?
Security and risk leaders are facing a world of growing risk complexity. Critical events can and do come from everywhere, so organizations of all kinds must ensure they can identify and respond as quickly, accurately, and effectively as possible. A recent study by Forrester Consulting, commissioned by OnSolve, found that many leaders struggle to master four key competencies of critical event management (CEM), leaving them less prepared to mitigate disruption and damage to their organizations when events occur. How mature is your organization’s critical event management?
Take our short self-assessment to find out how you stack up and what you can do to mitigate risk and strengthen organizational resilience.
For this assessment, we will be asking you to rate your organization in four key areas. For each area, you will be given four statements. The assessment will yield customized results and recommendations based on your responses and should take no more than 3 minutes to complete.
How much do you agree with each of the following statements about risk intelligence at your organization?
How much do you agree with each of the following statements about incident management at your organization?
How much do you agree with each of the following statements about critical communication/mass notification solutions at your organization?
How much do you agree with each of the following statements about control-center-level visibility at your organization?
Your Results Overview
The degree to which an organization successfully manages business disruptions depends on four core capabilities. Our assessment evaluates participants across four key areas of competency:
Organizations that focus on mastering core critical event management capabilities have more proactive risk awareness, stronger response, and better outcomes.
Based on your responses, your company’s overall critical event management maturity is:
Foundational organizations must increase visibility, coordination, and automation around critical event management (CEM).Recommendations:
At the foundational level, it’s likely your CEM program is reactive, disjointed, and primarily focused on responding to events after they occur. You may not have all the CEM capabilities, and they may be internally developed solutions or legacy technologies not fit for purpose. Your capabilities may not be integrated, and you might lack a centralized control-center capability to see all risks in one location. Work to mature your technology by centralizing CEM to gain better visibility of critical events and integrating capabilities for better, quicker response. Also, now is the time to begin the difficult work of coordinating CEM activities across the organization and communicating the benefit of organizational resilience to start on the path toward recognizing the value of CEM beyond a necessary cost center.
Moderate organizations must focus on centralizing critical event management (CEM) functions and integrating technologies.Recommendations:
At the moderate level, CEM functions are well-coordinated across a cross-functional team. You likely have all the CEM capabilities, and they may or may not be integrated. Work to centralize the management of critical events across all areas of the organization and integrate your CEM technology with other risk management systems. Although response and notification workflows are largely well-documented, drive toward automation of early warnings and frequently used actions. Track statistics and use metrics to show levels of preparedness across different risk event types (i.e., cyberattack, physical security event, IT failure, natural disaster) as well as preparedness of different business areas. Report these metrics regularly to stakeholders. Test your plans and CEM capabilities at regular intervals with the appropriate stakeholders. While you are leading your organization in the right direction, there are more steps to take in communicating the value of CEM beyond a necessary cost center.
Optimized organizations must continue to advance and mature critical event management (CEM) efforts to strengthen organizational resilience.Recommendations:
At the optimized level, your CEM program is seen as a value center that directly contributes to your organization’s ability to quickly and proactively respond to critical events that threaten your organization. Strategic business and reputational considerations are embedded into daily activities and decisions made by the team. CEM capabilities are state-of-the-art, integrated, and automated for maximum efficiency. You continually look for ways to mature your capabilities to be predictive or forward-looking for the purpose of contextualizing and communicating early warning signs of critical events on various business areas (i.e., operations, supply chain, IT). Use metrics from your CEM program to optimize the effectiveness of mobilization and response plans for emerging risk events. In addition to regular testing of plans and CEM capabilities, you proactively educate other organizations and are a thought leader on CEM implementation. You strive for organizational resilience and know that it is an ongoing activity that your team continues to assess and optimize.
Read the research
Thank you for taking the time to complete this assessment! Click here to read the full Forrester report commissioned by OnSolve.
Ready to get started?
Schedule a free, no obligation risk consultation with one of OnSolve's risk intelligence experts.
Schedule a free, personalized risk assessment with one of OnSolve's risk intelligence experts.
Schedule a demo to see how the OnSolve platform for critical event management can help you strengthen your organizational resilience
Methodology And Disclaimers
In this study, Forrester conducted an online survey of 469 decision-makers in risk, security, and business continuity at midsize to large enterprises in North America and the UK to evaluate the current state of their risk management and critical event management strategy. The study was completed in August 2021.
Although great care has been taken to ensure the accuracy and completeness of this assessment, OnSolve and Forrester are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein.