Managing Dynamic Risk: How Your Campus Can Achieve Organizational Resilience in 2022

To set up for success, not only must your people be focused on a unified goal, they need to be in constant communication across departmental lines while they’re working to achieve it. During both emergencies and day-to-day operations, a well-integrated critical event management strategy and the technology to back it are crucial for getting and keeping everyone on the same page.

• By Dustin Radtke
• March 22, 2022

Hospitals, universities and other campus-based organizations are feeling the impact of multiple, simultaneous threats. In addition to the pandemic, they’re also contending with extreme weather, civil unrest and a rise in the number of active assailants—just to name a few challenges.

Even as isolated events, such threats present a significant security challenge. However, when risks cascade—that is, risk A is followed by risk B, or even causes risk B—they become more complex and difficult for organizations to manage.

This dynamic risk presents itself in three core elements: Rapid change, a threat emerging from a secondary direction or event and some level of surprise. The outcome is an ultimate harm different than the initially expected harm. For example, an organization might have a plan in place to shelter during a tornado, but not one for the evacuation that would be needed if the storm were to cause gas leaks on or near campus, or power outages during the middle of winter. Without a line of sight into what’s happening in the area on and around campus, institutions will find it exceedingly difficult to make fast, informed decisions. To do so, they need faster, more relevant intelligence.

Though dynamic risk has become more common, many organizations remain unprepared. Only 30 percent of security and risk management professionals feel confident they can handle the growing complexity of future risk management, as a survey we recently commissioned with Forrester Consulting found.

While 99 percent of organizations experienced a critical event in the last 18 months, only 38 percent cited “becoming more proactive” as a goal for their future risk management endeavors.

This disconnect must be addressed head-on if campus security leaders are to execute more effective responses to dynamic risk. Here are three steps organizations must take to safeguard their people and achieve organizational resilience.

Step 1: Define What Organizational Resilience Means to You

Organizational resilience is broadly defined as “the capacity to absorb stress, recover critical functionality, and thrive in altered circumstances,” according to Harvard Business Review. But across your organization’s size (and industry), it will look different to each individual group or team. At universities, upper management priorities are focused on reputation and enrollment, while coaches want to ensure athletes can travel safely from the practice fields to the next competition. In healthcare systems, the top priority of surgical teams will be the patient on the table, while healthcare administrators are primarily concerned about ambulances reaching their destinations as quickly as possible and ensuring the safety of patients and their families who reside inside the doors of the building.

Rather than assume each department in your organization—care management, population health, senior leadership, etc.—has the same definition of organizational resilience, begin the conversation with senior leadership and bring the right individuals to the table to create a holistic view of resilience.
Ask questions such as: What are my benchmarks for both business continuity and organizational resilience? In other words, what does optimized performance look like for every team in your organization—and your organization as a whole? The answer will depend on the specifics of your mission and your organizational goals.
Consider potential risks and threats, or threats which have occurred recently and how they unfolded, and then identify your corresponding metrics for a successful response. Developing a clear picture of what resilience looks like and how all the pieces will fit together is the first step to making it happen.

Step 2: Align All the Elements within Your Organization

After you’ve defined organizational resilience, the next step is to identify the gaps in your plan and ensure everyone—from executives and department heads to individuals—thoroughly understands their role in responding to an unfolding crisis.

The truth is, organizations are still very likely to manage threats to their people or places in silo, from other departments. This ultimately leaves your organization exposed on multiple fronts, especially in light of the unpredictable nature of dynamic risk. When it comes to taking advantage of technology to mitigate risk, a siloed approach is particularly troublesome.

Conversely, research has demonstrated that integration builds business continuity. Alignment and integration go hand-in-hand. Highly capable firms are as much as five times more likely than less capable organizations to have an effective or optimized response to all manner of business risk. This includes information security, travel, employee welfare, data privacy and customer experience.

To set up for success, not only must your people be focused on a unified goal, they need to be in constant communication across departmental lines while they’re working to achieve it. During both emergencies and day-to-day operations, a well-integrated critical event management strategy and the technology to back it are crucial for getting and keeping everyone on the same page.

Step 3: Leverage Technology Powered by Artificial Intelligence

As a security leader, you know that timely, accurate information and effective communications are equally important when it comes to managing cascading and interconnected critical events. In many situations, getting the right information to the right people at the right time means the difference between life and death.

For example, in an active assailant event, advanced warning gives you an opportunity to lock down your campus. And if the shooter is already on your premises, you can potentially isolate their location in order to separate and protect students, patients and medical staff.

However, when it comes to risk intelligence and critical communications, traditional human-driven methods are no longer sufficient, accurate or fast enough to mitigate risk. Our world has become dominated by data, and this creates a key opportunity for security leaders. There’s too much information and it comes too fast for any individual to sort through manually. As an example, one healthcare security and safety director tried to monitor the state of local protests using multiple social media accounts and unverified tips called in by the community, only to be frustrated by the lack of clarity and accuracy. Not only was the process inefficient and time consuming, but the information gleaned was often inaccurate or already obsolete.

In a dynamic situation, you need technology that leverages artificial intelligence to vet sources and filter out the noise, allowing you to receive only information relevant to your campus operations. Thus, to enable better decisions in real time, an AI-enabled CEM platform should provide four key competencies:

• Risk Intelligence: Delivers timely, contextual and relevant information about critical events as they unfold.
• Critical Communications: Facilitates prompt and targeted communications about the scope, location and likely impact of an incident to targeted groups.
• Incident Management: Detects, records, analyzes, addresses and learns from incidents in order to return to normal function as quickly as possible.
• Control Center-Level Visibility: Collects, integrates and organizes unstructured data to improve situational awareness of the overall threat landscape.

Relative to how these four competencies will manifest, your technology selection and configuration should take into account:

• The speed of changing information
• The relevance of that information
• The usability of the interface that delivers it

In a dynamic situation, you need technology that leverages artificial intelligence to vet sources and filter out the noise, allowing you to receive only information relevant to your campus operations. Focus on granular risk intelligence with full coverage of threats that correlate to your people and property, with tightly woven filters, so you’re capturing and communicating only the most important data. You also need highly customizable information routing, so your people receive only the communications that pertain to their location or role.

The combination of speed, relevance and usability enables campus administrators to send timely and targeted alerts based on reliable information. When recipients know they can not only trust every communication as valid but know that it’s important to their well-being, security teams gain greater credibility and confidence that their messages and instructions will be followed.

Boost Your Confidence and Resilience in 2022

Without question, risk will continue to be more complex and dynamic, leaving organizations more vulnerable than ever before. To keep ahead, organizations must look at how they can achieve organizational resilience and how modern technology, like AI and big data, can help.

This is the year to say farewell to the old-school reactive approach and usher in a proactive approach backed by powerful technology. When you have an effective system and strategy for critical event management in place, campus administrator and security professionals can save time, money, effort and – most importantly – lives.

This article originally appeared in the March / April 2022 issue of Campus Security Today.